Well, that's good news and bad news. Good news...the application developers' jobs just got a little easier. Bad news...I get to document why we can't meet this security requirement. And yes, I agree, it's a pretty air-headed requirement. If I spent less time chasing compliance, I might actually make the system more secure. Ken On Mon, Jan 31, 2011 at 1:07 PM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > Kenneth Buckler <kenneth.buckler@xxxxxxxxx> writes: >> Does autovacuum automatically use the 'postgres' role? > > It automatically uses the bootstrap superuser role. > >> If so, how can I change what role autovacuum uses? > > You can't. > >> One of the security requirements >> I've been required to implement removes superuser privileges from >> postgres and assigns those privileges to a different role. > > You can't mess around with the bootstrap superuser. If you like, you > can cause it to be named something other than "postgres" --- just run > initdb as some other operating system user name. (I think it would also > work to do ALTER USER RENAME after the fact, but haven't really > experimented with the consequences of that.) But otherwise, this > "security requirement" seems pretty air-headed. You have to have a > superuser. > > regards, tom lane > -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
