Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wKLdZ-000saF-2y for pgsql-bugs@arkaria.postgresql.org; Tue, 05 May 2026 19:40:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wKLdX-00De2G-1k for pgsql-bugs@arkaria.postgresql.org; Tue, 05 May 2026 19:40:55 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wKLdX-00De28-0w for pgsql-bugs@lists.postgresql.org; Tue, 05 May 2026 19:40:55 +0000 Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wKLdV-00000000MoR-0Qsh for pgsql-bugs@lists.postgresql.org; Tue, 05 May 2026 19:40:54 +0000 Received: by mail-qk1-x72e.google.com with SMTP id af79cd13be357-8ec37d52c0dso607690985a.0 for ; Tue, 05 May 2026 12:40:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778010053; x=1778614853; darn=lists.postgresql.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=aM0C9Lfy/oRy436fEAesOlyuUUOvtVzN8ooulrxkVEc=; b=k/bGjcUBxvn5ZId9drkmcQZigPSfcLoolQNpG0dxpl6ui+dex58iuk7c1ikc+uDp6v 9H6zcm/cbdkuJKEIkU/kJtwUdGybt4FdNFa8Vh2NoZ1CNBCso8TIpPrPcMk0j0dRVzRa jEeayT81mADFWgslj+wFURbfsOVjo+sSsq4iWr9Vgrr2TReaNcKoqM2Yi6fdLdnbnGbh I0xBhmzZVscU6V+QZ0/AxrUGAYgaxaU0B4Zbot9wYqxpy9j6lYD/uIdPY9/gPROzbOjG Mje4cAnfVxpOcW2tijovXbMH99gltO8H+WuC6JmG/SoHmfH3grDiAEtHH5oUXs5umYZp oy+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778010053; x=1778614853; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aM0C9Lfy/oRy436fEAesOlyuUUOvtVzN8ooulrxkVEc=; b=csZiacEo5/1voqFfa5ZF57SoeazACV+wNHDhxgQcUYIh4p5OxA7BlxgXtetIW4ab3Z PNNMaoqRZAm5k9T8eLvbehfmJ+YU+ocuiNvJBKxelxYUTt4e0t8cpdgx4XsEMGZuBg97 f/gYyjzAmNVApxSF0iKFsfr0ciYQt2PeVpCkNxJorsKz49MIbgaYAw+5xtwg+1chOROY jK30RoKvccWOTPVB+DS8QuptX56A29no6JTTJHiRYTJ8YLDm/WL9xK9wg1ClOn06Cx8a nHnt7KhUiQvNF5wBvxqO+sUMxjw0hX0Txo2rPj6JKYXWX2DoRzzH6lXmRXPv0xjXDEbm NnKw== X-Forwarded-Encrypted: i=1; AFNElJ8mj7G73qb0R/nOuwC1QmgMtwZBt+PyOSfUdTTO6vm34Bs6ZJxhOwJiUjTvygyfoMJkUCJBNh9++lYV@lists.postgresql.org X-Gm-Message-State: AOJu0YwoOlUDaXf4JvNDRk6oc9HqcQC3AxDvRpAktsuLUu8qhP8CWgSX 4o5p0VxZIevT3c4P3Ro8VfoRqMCoxQP9FbNU9pIofq8VWw0sGayf/94O X-Gm-Gg: AeBDieuU5DCeyPA8gpzWTEt9T8BpyqFjwWMAqpGDBAK6FAygCc90HEamhGGFnSUrpb6 Qy7l+o0vXTgmgcszu1nmJSDngxln7JFn1jaT5KvTyGrSOqvqwL+znIZrGGq6EwKuFUzrQVRSLTX DxrRG5y7XsxaP6Dr4RQO+c4nhqEP8Ed42+VuJKggHOJjbjPF4c93ZAiTXQAz/3HjmpIF/Z+NI7H Zxv5xjsJ0oO3tV2cFHQEbGegL9EFYgRrHln6m0vVqE6ViIXqPEsEcon3OQ109BxSOsd8dPrcGFX Y3Aco1qu8ym1Fifp417i/H41QXx9lDstDvfR6H5UL09vHtWvCS5CWWzYF/6zWhFK0VKIF1gbUJ6 NplgOLUt50B+tpIpfFo9AnAxWGQndT21UnWw+GGYnroaJZAPl37Qtc8RoFteBJI2WvBTTHSMr/+ EOFOax0g90U/aWUwuPeugdC+GxEORtm5foew8HsqjBDMUFta0iUpc7TxnWnbBuNLlB0QUKjauuF fDm0Iyxr5Q9HQVf+eZ1JSctJRrEbYLN X-Received: by 2002:a05:620a:f0c:b0:8f1:9e59:220e with SMTP id af79cd13be357-904d63e7a90mr69256485a.39.1778010052808; Tue, 05 May 2026 12:40:52 -0700 (PDT) Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8fc2cd04ddesm1438158785a.43.2026.05.05.12.40.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 12:40:51 -0700 (PDT) Date: Tue, 5 May 2026 14:40:49 -0500 From: Nathan Bossart To: Tom Lane Cc: Euler Taveira , =?utf-8?B?w4FsdmFybyBSb2Ryw61ndWV6?= , pgsql-bugs@lists.postgresql.org, Javier Maellas , Diego Revenga , robertmhaas@gmail.com Subject: Re: pg_dumpall can't be restored with different bootstrap superuser Message-ID: References: <671134.1778008247@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <671134.1778008247@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, May 05, 2026 at 03:10:47PM -0400, Tom Lane wrote: > I don't think that pg_dumpall is to be blamed; this is the backend's > fault. I thought we had made this better in dd1398f13, but it still > seems rather bogus: > > [...] > regression=# grant a to b granted by super; > ERROR: permission denied to grant privileges as role "super" > DETAIL: The grantor must have the ADMIN option on role "a". > > Surely a superuser should be considered to have admin options > on everything. I think this comes from commit ce6b672e44, which established the idea that the bootstrap superuser was the "role owner". > Even more bogus, compare these results: > > regression=# \c - super > You are now connected to database "regression" as user "super". > regression=# grant a to b granted by super; > ERROR: permission denied to grant privileges as role "super" > DETAIL: The grantor must have the ADMIN option on role "a". > > regression=# grant a to b; > GRANT ROLE > > Anyone would think that "GRANTED BY current_user" has the > same effect as omitting the clause, but here it doesn't. Right. When omitted, check_role_grantor() uses the bootstrap superuser if the current role is a superuser. > So it seems to me that we're missing a superuserness check > somewhere in this, but I'm not entirely sure which bit of > code to blame. > > I agree that the answer for existing branches is probably > going to be "so don't do that", but maybe we can improve > this in v19 or later. I've added Robert to the thread for his thoughts. I'm not sure how much wiggle room we have in the current design to make things more lenient, but I haven't investigated too deeply yet. -- nathan