Re: Autovacuum Issues?
| От | Kenneth Buckler |
|---|---|
| Тема | Re: Autovacuum Issues? |
| Дата | |
| Msg-id | AANLkTi=KmoCG61xAsXPOcx-RUM-FOudFKJ-rUs5SM+mr@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Autovacuum Issues? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-general |
Well, that's good news and bad news. Good news...the application developers' jobs just got a little easier. Bad news...I get to document why we can't meet this security requirement. And yes, I agree, it's a pretty air-headed requirement. If I spent less time chasing compliance, I might actually make the system more secure. Ken On Mon, Jan 31, 2011 at 1:07 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Kenneth Buckler <kenneth.buckler@gmail.com> writes: >> Does autovacuum automatically use the 'postgres' role? > > It automatically uses the bootstrap superuser role. > >> If so, how can I change what role autovacuum uses? > > You can't. > >> One of the security requirements >> I've been required to implement removes superuser privileges from >> postgres and assigns those privileges to a different role. > > You can't mess around with the bootstrap superuser. If you like, you > can cause it to be named something other than "postgres" --- just run > initdb as some other operating system user name. (I think it would also > work to do ALTER USER RENAME after the fact, but haven't really > experimented with the consequences of that.) But otherwise, this > "security requirement" seems pretty air-headed. You have to have a > superuser. > > regards, tom lane >
В списке pgsql-general по дате отправления: