Re: SUPERUSER vs CREATEUSER causes foul 'code smell'

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rodrigo De León <rdeleonp(at)gmail(dot)com>
Cc: Joshua_Kramer <josh(at)globalherald(dot)net>, pgsql-sql(at)postgresql(dot)org
Subject: Re: SUPERUSER vs CREATEUSER causes foul 'code smell'
Date: 2007-08-16 16:43:47
Message-ID: 5953.1187282627@sss.pgh.pa.us
Lists: pgsql-sql

"Rodrigo De León" <rdeleonp(at)gmail(dot)com> writes:
> On 8/16/07, Joshua_Kramer <josh(at)globalherald(dot)net> wrote:
>> If I want to create a role who can create other roles, but not have other
>> SUPERUSER privileges - how can I do that?

> create role foo createrole login password 'foo';

CREATEROLE privilege is not exactly a superuser, but it implies a lot of
administrative privileges anyway --- for instance the ability to change
the password of another account. So this may not be exactly what the OP
wants. We intended CREATEROLE as a way that a DBA could do all his
routine account-management duties without being a "real" superuser (with
the attendant ability to completely destroy the system with a slipup).
Think of it as sudo that lets you do anything you want to /etc/passwd,
but not "rm -rf /"...

If you want exactly what was stated --- the ability to create new roles,
and nothing else --- the best way is to create a function that does only
that one thing, make it superuser-owned and SECURITY DEFINER, and grant
execute privilege on it to whomever you want to be able to do that.
(Don't forget to revoke the default public execute privilege.) Gateway
functions of this sort are the standard solution whenever the system's
classification of privileges isn't quite what you want.

regards, tom lane
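The gateway-function pattern Tom describes, written out as an added example (it is not from the post or from PostgreSQL's own code). It assumes a current PostgreSQL release with PL/pgSQL, that the statements are run by a superuser, and a hypothetical group role named account_creators that receives the grant.

```sql
-- Added example, not from the post.  A "gateway" function that lets a
-- non-superuser create plain LOGIN roles and nothing else.
-- Assumptions: executed as a superuser; "account_creators" is a made-up
-- role name; PL/pgSQL is installed (the default in current releases).

CREATE ROLE account_creators NOLOGIN;

CREATE OR REPLACE FUNCTION create_login_role(new_role text, new_password text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER                       -- runs with the owner's (superuser) rights
SET search_path = pg_catalog, pg_temp  -- stop callers from hijacking name lookups
AS $$
BEGIN
    -- Basic argument hygiene before doing anything with elevated rights.
    IF new_role IS NULL OR new_role = '' THEN
        RAISE EXCEPTION 'role name must not be empty';
    END IF;
    IF EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = new_role) THEN
        RAISE EXCEPTION 'role % already exists', new_role;
    END IF;
    IF new_password IS NULL OR length(new_password) < 12 THEN
        RAISE EXCEPTION 'password must be at least 12 characters';
    END IF;

    -- The attribute list is fixed in the function body: LOGIN only, never
    -- SUPERUSER, CREATEROLE or CREATEDB.  quote_ident/quote_literal keep the
    -- caller's arguments from changing the structure of the statement.
    EXECUTE 'CREATE ROLE ' || quote_ident(new_role)
         || ' LOGIN NOSUPERUSER NOCREATEROLE NOCREATEDB PASSWORD '
         || quote_literal(new_password);
END;
$$;

-- Close the default hole Tom mentions: functions are executable by PUBLIC
-- unless that privilege is revoked.
REVOKE EXECUTE ON FUNCTION create_login_role(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION create_login_role(text, text) TO account_creators;

-- Hand the capability to an ordinary account (hypothetical name):
--   GRANT account_creators TO some_dba;
-- Then, as some_dba:
--   SELECT create_login_role('alice', 'a long passphrase here');
```

The function owner must be a superuser for the CREATE ROLE inside it to succeed, and the REVOKE must precede (or at least accompany) the GRANT, otherwise every role in the cluster can call it. Because the password arrives as an ordinary function argument, it can end up in the server log when statement logging is enabled; one way around that is to have callers pass an already-hashed password string, which CREATE ROLE ... PASSWORD accepts in place of cleartext.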
