On Mon, Nov 21, 2022 at 5:30 PM Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 11/21/22 15:05, Bryn Llewellyn wrote:
>
> In fact, David Johnston did unequivocally challenge my strawman a couple of turns back, thus:
>
And the equivocal additions later in the post:
Yeah, even when I try to be unequivocal I tend to fail...Devil's Advocate is another role I enjoy playing.
>
> There's also the caveat that a "drop" attempt by a superuser for a single object owned by the bootstrap superuser (say, the "pg_catalog.pg_terminate_backend()" function) in some database causes an error with the message "cannot drop function... because it is required by the database system". (At least, this is what my tests have shown with a smallish sample of drop targets.)
There are some protections in place to prevent the superuser from shooting themselves in the foot accidentally. They are readily disabled though, through a simple SET command in the session.
Superuser is superuser, there is no magic associated with the bootstrap
superuser.
Not quite true, it is magical in that every initdb thing that needs an owner has it as an owner. And, at least not easily or desirably, that ownership cannot be transferred, which makes dropping said role problematic.
David J.
