Re: Seeking the correct term of art for the (unique) role that is usually called "postgres"—and the mental model that underlies it all

From: Bryn Llewellyn <bryn(at)yugabyte(dot)com>
To: Jeremy Smith <jeremy(at)musicsmith(dot)net>
Cc: Ian Lawrence Barwick <barwick(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org>, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
Subject: Re: Seeking the correct term of art for the (unique) role that is usually called "postgres"—and the mental model that underlies it all
Date: 2022-10-27 22:24:11
Message-ID: 79D5A94C-19CD-4DD4-B610-AEBA7E637FF6@yugabyte.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> jeremy(at)musicsmith(dot)net wrote:
>
>> bryn(at)yugabyte(dot)com <mailto:bryn(at)yugabyte(dot)com> wrote:
>>
>> I can now characterize what I'd observed more clearly, thus: only a bootstrap super user (as defined above) can start a session without mentioning the name of the database to which to connect and the name of the within-cluster role to connect as—and without supplying a password. And it can do this only from as O/S session where the effective O/S user is the bootstrap superuser.
>
> I don't believe this is correct. psql is using libpq. A hint to that is given in the section under the \c command:
>
> When the command neither specifies nor reuses a particular parameter, the libpq default is used.
>
> The libpq docs show more info on the connection parameters (https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS)
>
> If not specified, both the user and the dbname default to the name of your operating system user. So, this could work if your operating system user, the database name, and the database username are all postgres, but they could also all be bob.
>
> As to the password requirement - this depends on the settings in pg_hba.conf. You could set all connections to trust and then no one would need a password, but I wouldn't recommend that.

Thank you for this extra information, Jeremy. I'm afraid that what I wrote was insufficiently precise. I should have added these riders:

(1) My O/S env is in a brand new VM (it happens to be Parallels on my Big Sur Mac Book) that was created by a single button press that selected Ubuntu 20.04. (I followed that with what I hope is only benign customization for terminal colors and the like.)

(2) My PG regime is what I end up with in this VM immediately following the use of "apt install postgresql-11". (There's a good reason why I want that old version. I hope that its age isn't a distraction here.) Notably, the installation flow offers no opportunity to express choices.

(3) This gives me the PG software (largely owned by the O/S user "postgres", but with some programs owned by "root") and an already started cluster.

(4) I am able to start a plsql session, when my O/S user is "postgres" simply by typing the bare command "psql". Yes, I'm implicitly selecting various libpq default values—just as you described. But those defaults don't include a default for the password.

(5) When I start a session in this way, I see that I have this regime: a single role with the name "postgres" and the status "superuser"; and a single database non-template database also with the name "postgres", together with the usual "template1" and "template2". Further, this query (when connected to the "postgres" database):

select nspname
from pg_namespace n inner join pg_roles r on n.nspowner = r.oid
where r.rolname = 'postgres'
order by 1;

shows me this:

pg_toast
pg_temp_1
pg_toast_temp_1
pg_catalog
public
information_schema

When I asked how to refer to this clearly special cluster-role, David said:

> Don't think it's documented but I like "bootstrap user"

and Ian said:

> "bootstrap superuser" is also mentioned.

Meanwhile, in a separate thread, Adrian pointed me to the "initdb" doc (and command line help) where the term "database superuser" is used.

This means that I'm so far denied the possibility to use a single term that everybody agrees on. I may as well call it the "catalog owning role" here because at least that term is unambiguously descriptive.

I stated in my reply to Adrian that I had formed this hypothesis (reworded slightly here).

When he environment is what I described at the start (which env. brings a "pg_hba.conf" file that requires password authentication by NOT specifying "trust"),

«
You can start a session without specifying the name of the cluster role as which to authorize, its password, and the name of the database to which to connect, ONLY when these things are true:

1. The within-cluster catalog-owning role has a certain name, say "pg_system" (or "bob").

2. The O/S user that owns (most of) the O/S presence of the cluster and the software that accesses it has the identical name "pg_system" (or "bob").

3. The current O/S user when you make the attempt to connect is "pg_system" (or "bob").
»

I want to know if my hypothesis is correct. And, more importantly, I want to know where I can read a nicely written linear account of what *is* correct tha defines and then uses the official terms of art.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message David G. Johnston 2022-10-27 22:38:58 Re: Seeking the correct term of art for the (unique) role that is usually called "postgres"—and the mental model that underlies it all
Previous Message David G. Johnston 2022-10-27 22:24:06 Re: Seeking the correct term of art for the (unique) role that is usually called "postgres"—and the mental model that underlies it all