From: | Josh Berkus <josh(at)agliodbs(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: superusers are members of all roles? |
Date: | 2011-04-07 04:21:58 |
Message-ID: | 4D9D3BE6.7000303@agliodbs.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> See bug #5763, and subsequent emails. Short version: Tom argued it
> wasn't a bug; Peter and I felt that it was.
Add my vote: it's a bug.
Users who fall afoul of this will spend *hours* trying to debug this
before they stumble on the correct answer. pg_hba.conf is confusing
enough as it is.
The only reason we don't get more bug reports on this is that not very
many users know about using group roles in pg_hba.conf (and few enough
users are using group roles in the first place).
If we're not going to fix this, then we need a big warning in the docs
and the pg_hba.conf file:
"NOTE: Please make sure that at least one rule in pg_hba.conf matches
superuser access before any reject rules"
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2011-04-07 04:29:17 | Re: superusers are members of all roles? |
Previous Message | Robert Haas | 2011-04-07 04:11:58 | Re: too many dotted names |