Kenneth Downs <ken@xxxxxxxxxx> writes:
> Except for the hole. On a public site that lets users register, we have
> to have a way to let the web server assume the role of somebody who has
> createuser privilege, and that's pretty much the end of the no-root
> policy. If an exploit could be placed, it could simply go into that
> mode and create a superuser.

> What would be really nice is if you could limit the ability of
> CREATEUSER to grant roles.

I believe that a role that has CREATEROLE but not SUPERUSER can only
create non-SUPERUSER roles. Does that help?

regards, tom lane
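Added example, not part of the original message: a psql script that checks the behaviour described in the reply on a scratch PostgreSQL cluster, followed by an audit query. The role names `web_registrar`, `new_site_user` and `escalated` are hypothetical.

```sql
-- Run as a superuser on a scratch cluster. All role names are hypothetical.

-- A registration role that may create roles but is not a superuser.
CREATE ROLE web_registrar LOGIN CREATEROLE NOSUPERUSER NOCREATEDB;

-- Act as that role, the way the web server would after connecting.
SET SESSION AUTHORIZATION web_registrar;

-- Allowed: an ordinary, unprivileged account for a newly registered user.
CREATE ROLE new_site_user LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Rejected with a permission error (wording varies by server version):
-- a role without SUPERUSER cannot create a superuser.
CREATE ROLE escalated SUPERUSER;

-- Also rejected: the attribute cannot be added to an existing role either.
ALTER ROLE new_site_user SUPERUSER;

RESET SESSION AUTHORIZATION;

-- Audit: every role that is a superuser or can create roles.
-- On a public site this list should be short and fully accounted for.
SELECT rolname, rolsuper, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolsuper OR rolcreaterole
ORDER BY rolname;

-- Clean up the scratch roles.
DROP ROLE IF EXISTS new_site_user;
DROP ROLE IF EXISTS web_registrar;
```

The check covers the SUPERUSER attribute only. In PostgreSQL releases before 16, a CREATEROLE holder can also grant membership in existing non-superuser roles, so review role memberships alongside this query.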