From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Bryn Llewellyn <bryn(at)yugabyte(dot)com> |
Cc: | Ian Lawrence Barwick <barwick(at)gmail(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Seeking the correct term of art for the (unique) role that is usually called "postgres"—and the mental model that underlies it all |
Date: | 2022-10-27 22:24:06 |
Message-ID: | CAKFQuwavAV9D0Xh_ScTg4FTQkQvWsQhyVJYAOg9aVzbqa85ixg@mail.gmail.com |
Lists: | pgsql-general |
On Thu, Oct 27, 2022 at 12:09 PM Bryn Llewellyn <bryn(at)yugabyte(dot)com> wrote:
> [*] I see that, in my Ubuntu installation, critical programs like
> "postgres" itself, "initdb", "pg_ctl", "pg_dump" and so on are owned by
> "root".
>
And they exist in a "bin" directory so that any user on the system can
actually execute them. It doesn't really matter who owns the binaries so
far as the database is concerned, it matters who executes them.
> The fact that the "bootstrap superuser" term of art denotes a matching
> pair of two principals (an O/S user and a within-cluster role)
>
No, it does not. It denotes only the PostgreSQL role. "service user" is
probably a better term for the O/S side of things. Though, frankly, aside
from trying to distinguish things when talking about logging in, the
necessity to even care about the O/S user is fairly minimal.
> means that some sentences will require extra verbiage to identify which
> half of the pair the sentence treats. I'm open to suggestions. But I'll
> start with these until I'm corrected: the "bootstrap (regular) OS-user" and
> the "bootstrap within cluster superuser role". Sadly, the fact that "super"
> is baked into the term of art makes it difficult to name the O/S half of
> the phenomenon.
>
> I can now characterize what I'd observed more clearly, thus: only a
> bootstrap super user (as defined above) can start a session without
> mentioning the name of the database to which to connect and the name of the
> within-cluster role to connect as—and without supplying a password. And it
> can do this only from an O/S session where the effective O/S user is the
> bootstrap superuser.
>
That is generally wrong - it is only correct when considering a newly
initialized cluster - since then the only database that exists is the
postgres database and you cannot connect to a cluster without specifying an
existing database (so if you don't want to explicitly specify one you
better arrange things so the default you end up using is postgres, which
means your O/S user has to be postgres). Otherwise, as your "usr" example
demonstrates, just create a database named "usr" and you won't get the
"database usr not found" error message anymore and the login will succeed.
David J.
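
Added example, not part of the original message: a small Python model of the libpq fallback chain the reply above relies on (user defaults to the O/S user name, dbname defaults to the user), run against the "usr" case. `resolve_defaults`, `check_target` and `FRESH_CLUSTER` are hypothetical names, and the model covers only which database name the client ends up requesting, not role existence or pg_hba.conf authentication.

```python
import getpass
import os

# Constructed sample: databases that accept connections right after initdb
# (template0 also exists but does not allow connections).
FRESH_CLUSTER = {"postgres", "template1"}


def resolve_defaults(user=None, dbname=None, env=None, os_user=None):
    """Model libpq's fallback chain for the user and dbname parameters.

    user:   explicit value, else PGUSER, else the O/S user name.
    dbname: explicit value, else PGDATABASE, else the resolved user name.
    """
    env = os.environ if env is None else env
    os_user = os_user or getpass.getuser()
    user = user or env.get("PGUSER") or os_user
    dbname = dbname or env.get("PGDATABASE") or user
    return user, dbname


def check_target(existing_dbs, **conn):
    """Return (user, dbname, exists) for a connection attempt."""
    user, dbname = resolve_defaults(**conn)
    return user, dbname, dbname in existing_dbs


if __name__ == "__main__":
    scenarios = [
        ("O/S user postgres, fresh cluster", FRESH_CLUSTER, {"os_user": "postgres"}),
        ("O/S user usr, fresh cluster", FRESH_CLUSTER, {"os_user": "usr"}),
        ("O/S user usr, database usr created", FRESH_CLUSTER | {"usr"}, {"os_user": "usr"}),
        ("O/S user usr, dbname given", FRESH_CLUSTER, {"os_user": "usr", "dbname": "postgres"}),
    ]
    for label, dbs, conn in scenarios:
        user, dbname, exists = check_target(dbs, env={}, **conn)
        print(f"{label}: role={user} database={dbname} exists={exists}")
```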