Isn't it just enough to prevent the user with userid 1 from losing the superuser status. If one want to allow it one could prevent it just when doing the ALTER USER stuff and allow it when editing pg_shadow directly. Or maybe have some guc variable that write locks the user with id 1.
That gets my vote - can't take superuser off id 1...
Given that it was so "simple" to restore I'm not sure if it's worth it or not, but restricting just user 1 does not give any of the problems you wrote about.
Well, sergio sure wasn't very happy...
And if I ever get around to my patch that separates out superuser and catalog modification privileges, superusers will no longer necessarily be able to 'delete from pg_proc';
Chris
---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
