Re: Columns in pg_shadow?
| От | Tom Lane |
|---|---|
| Тема | Re: Columns in pg_shadow? |
| Дата | |
| Msg-id | 11989.958802482@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Columns in pg_shadow? ("Michael A. Mayo" <mmayo@mcauleybrooklyn.org>) |
| Ответы |
Re: Columns in pg_shadow?
Re: Columns in pg_shadow? |
| Список | pgsql-general |
"Michael A. Mayo" <mmayo@mcauleybrooklyn.org> writes: > I have been looking for information on the meaning of each column in > pg_shadow, but have been unable to find any thus far. It would be good if > someone could enlighten me, or point me to existing documentation. The > columns I am unsure of are listed below: > usecreatedb: > Ability to create new databases? Check. > usetrace: > ? Searching through the sources shows that this flag is not used anywhere. The catalogs.sgml doc file defines it as "can user set trace flags?" but whatever code it controlled must be long dead... > usesuper: > I assume this makes the user a "superuser," but I am not sure exactly > what that means. A superuser is God as far as the database is concerned: she's not subject to any protection checks, and there are some security-critical operations like backend COPY that are only allowed to superusers. Pretty much the same concept as being "root" on a Unix system. > usecatupd: > Ability to change system tables? Right. The point of this flag is to let superusers be slightly less Godlike: by turning off her usecatupd flag, a superuser can revoke her right to alter system tables via direct INSERT/UPDATE/DELETE commands, and thereby avoid foolish mistakes. Or that seemed to be the plan anyway. Since there's no really convenient interface for twiddling this flag, I doubt anyone actually bothers to change it. It starts out the same as one's usesuper flag, and probably stays that way... BTW, the easiest way to learn about this sort of stuff is to scan the source code --- and if you don't have a handy tool for that, allow me to recommend "glimpse", http://glimpse.cs.arizona.edu/. I wasn't too sure about usetrace or usecatupd either, but it took just a few seconds to examine their uses and learn what I said above. (For fans of the One True Editor: I have an emacs macro that invokes glimpse in the same way as grep is called by the standard "grep" macro, so that you can step through all the hits with C-x `. Let me know if you need it.) regards, tom lane
В списке pgsql-general по дате отправления: