Do not allow removal of superuser privileges from bootstrap user. A bootstrap user who is not a superuser will still own many important system objects, such as the pg_catalog schema, that will likely allow that user to regain superuser status. Therefore, allowing the superuser property to be removed from the superuser creates a false perception of security where none exists.
Although removing superuser from the bootstrap user is also a bad idea and should be considered unsupported in all released versions, no back-patch, as this is a behavior change. Discussion: http://postgr.es/m/CA+TgmoZirCwArJms_fgvLBFrC6b=HdxmG7iAhv+kt_=nba7...@mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/e530be2c5ce77475d56ccf8f4e0c4872b666ad5f Modified Files -------------- src/backend/commands/user.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
