Re: Post Install / Secure PostgreSQL

Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com> writes:
> In MySQL, it was recommended that you create a power user account
> rather than manage the database with the 'root' account. Is this also
> the same thing for PostgreSQL? I know you guys told me that there is
> no 'root' account but there is a 'postgres' account which appears to
> be the equivalent of MySQL's 'root' database user. My question is do I
> need to or is it recommended I create a 'carlos' account and grant
> privileges to that user rather than manage the database with the
> 'postgres' super user account?

It's definitely a good idea not to use a superuser account when you
don't have to; just like you don't use Unix root unless you have to.
You should do your day-to-day database hacking in an ordinary
unprivileged account.

There is also an intermediate level, which is an account with the
CREATEROLE option (if you're on a PG version new enough to have that).
That kind of account can do administrative things like creating/deleting
users, changing their passwords, etc, but it can't directly munge system
catalogs or do other things that can seriously screw up your database.

I'd suggest creating "carlos" as either a plain user or a CREATEROLE
user depending on whether you think you're likely to be adding/deleting
plain users regularly.

regards, tom lane