| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Glyn Astill" <glynastill(at)yahoo(dot)co(dot)uk> |
| Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? |
| Date: | 2011-07-27 20:37:46 |
| Message-ID: | 4E3030CA020000250003F82D@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> wrote:
> Maybe the docs should be embellished to also say "since a
> superuser is automatically considered a member of any group, it
> should be taken into account that names with a + mark will affect
> all superusers (although this was not the case prior to 9.0)" or
> something along those lines.
That seems like a good idea to me. I can't help but think that
someone, somewhere is going to create a "suspended" role to assign
to logins which they want temporarily disabled, put that at the top
of pg_hba.conf, and not be amused by the results.
When I dig out from under some other issues, I'll put together a
docs patch to propose something like the above, if nobody beats me
to it.
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Wells Oliver | 2011-07-28 20:19:24 | Unique operator error w/ concatenation |
| Previous Message | Glyn Astill | 2011-07-27 20:22:29 | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? |