From dd19fc63401b98c1ca553eee1d8a8355396fa05c Mon Sep 17 00:00:00 2001
From: Robert Haas <rhaas@postgresql.org>
Date: Thu, 21 Jul 2022 11:28:46 -0400
Subject: [PATCH v1] Do not allow removal of superuser privileges from
 bootstrap user.

---
 src/backend/commands/user.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 5b24b6dcad..37260edbe4 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -693,7 +693,14 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 	 */
 	if (dissuper)
 	{
-		new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(boolVal(dissuper->arg));
+		bool	should_be_super = BoolGetDatum(boolVal(dissuper->arg));
+
+		if (!should_be_super && roleid == BOOTSTRAP_SUPERUSERID)
+			ereport(ERROR,
+					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+					 errmsg("permission denied: bootstrap user must be superuser")));
+
+		new_record[Anum_pg_authid_rolsuper - 1] = should_be_super;
 		new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
 	}
 
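Review bot: `should_be_super` is declared `bool` but initialised from `BoolGetDatum(...)`, and is then stored into `new_record[]` with no conversion, whereas the removed line wrapped the value stored there in `BoolGetDatum`; the Datum wrapping has ended up on the wrong side. This presumably still behaves correctly because the value is only ever 0 or 1, but the types should be kept straight: `bool should_be_super = boolVal(dissuper->arg);` and `new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(should_be_super);`. The diffstat shows only user.c changed, so a regression test asserting that `ALTER ROLE ... NOSUPERUSER` on the bootstrap role fails with this error would keep the guard from being dropped silently later. AlterRole begins and ends outside this hunk, so whether any other path in it can clear rolsuper for this role cannot be judged from here.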
-- 
2.24.3 (Apple Git-128)

