On Thu, Oct 27, 2022 at 12:09 PM Bryn Llewellyn <bryn@xxxxxxxxxxxx> wrote:
> [*] I see that, in my Ubuntu installation, critical programs like "postgres" itself, "initdb", "pg_ctl", "pg_dump" and so on are owned by "root".

And they exist in a "bin" directory so that any user on the system can actually execute them. It doesn't really matter who owns the binaries so far as the database is concerned, it matters who executes them.

> The fact that the "bootstrap superuser" term of art denotes a matching pair of two principals (an O/S user and a within-cluster role)

No, it does not. It denotes only the PostgreSQL role. "service user" is probably a better term for the O/S side of things. Though, frankly, aside from trying to distinguish things when talking about logging in, the necessity to even care about the O/S user is fairly minimal.

> means that some sentences will require extra verbiage to identify which half of the pair the sentence treats. I'm open to suggestions. But I'll start with these these I'm corrected: the "bootstrap (regular) OS-user" and the "bootstrap within cluster superuser role". Sadly, the fact that "super" is baked into the term of art makes it difficult to name the O/S half of the phenomenon.
>
> I can now characterize what I'd observed more clearly, thus: only a bootstrap super user (as defined above) can start a session without mentioning the name of the database to which to connect and the name of the within-cluster role to connect as—and without supplying a password. And it can do this only from an O/S session where the effective O/S user is the bootstrap superuser.

That is generally wrong - it is only correct when considering a newly initialized cluster - since then the only database that exists is the postgres database and you cannot connect to a cluster without specifying an existing database (so if you don't want to explicitly specify one you better arrange things so the default you end up using is postgres, which means your O/S user has to be postgres). Otherwise, as your "usr" example demonstrates, just create a database named "usr" and you won't get the "database usr not found" error message anymore and the login will succeed.
David J.
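
The default-resolution rule described in the reply above, as an added shell sketch that is not part of the original message. It models libpq's documented defaults (role falls back to the O/S user name, database falls back to the role name); the function names and the database lists are constructed for illustration, and service files and connection URIs are ignored.

```shell
# Added illustration, not from the thread. Models libpq's documented defaults:
#   role     = explicit argument, else $PGUSER, else the O/S user name
#   database = explicit argument, else $PGDATABASE, else the role name
# Simplification: service files and connection URIs are ignored.

# effective_target OS_USER [ROLE_ARG] [DB_ARG]  -> prints "ROLE DATABASE"
effective_target() {
    et_role=${2:-${PGUSER:-$1}}
    et_db=${3:-${PGDATABASE:-$et_role}}
    printf '%s %s\n' "$et_role" "$et_db"
}

# default_login_check OS_USER "DB1 DB2 ..."
# Reports whether a bare `psql` run by OS_USER would name a database that
# exists. The database list is passed in by the caller (hypothetical helper).
default_login_check() {
    dl_target=$(effective_target "$1")
    dl_role=${dl_target% *}
    dl_db=${dl_target#* }
    for dl_name in $2; do
        if [ "$dl_name" = "$dl_db" ]; then
            echo "ok: role=$dl_role database=$dl_db"
            return 0
        fi
    done
    echo "fail: database $dl_db does not exist (role=$dl_role)"
    return 1
}

# Constructed sample data: database names in a freshly initialized cluster.
fresh="postgres template0 template1"
default_login_check postgres "$fresh" || true     # default database exists
default_login_check usr "$fresh" || true          # no database named "usr"
default_login_check usr "$fresh usr" || true      # passes once "usr" is created
```

Whether the connection is then accepted without a password is a separate decision made by the server's authentication configuration; this sketch covers only which role and database names the client ends up asking for.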