我们正在清理/标准化系统上的数据库用户/应用程序帐户,这些帐户混合了由不同个人在不同时间使用不同命令创建的帐户。
我们有一种情况,对于某些帐户,密码过期日期属性已明确设置为无穷大,而对于某些帐户,则没有:
postgres=# \du+ List of roles
Role name | Attributes | Member of | Description
------------------+------------------------------------------------------------+-----------+-----------------------------------------------------------------------------------------
user_1 | | {} |
user_2 | | {} |
user_3 | Password valid until infinity | {} |
user_4 | Password valid until infinity | {} |
以便:
postgres=# SELECT * FROM pg_shadow;
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
---------------+----------+-------------+----------+---------+--------------+-------------------------------------+----------+-----------
user_1 | 12345 | f | f | f | f | md5_foo | |
user_2 | 12346 | f | f | f | f | md5_foo | |
user_3 | 12347 | f | f | f | f | md5_bar | infinity |
user_4 | 12348 | f | f | f | f | md5_bar | infinity |
(4 rows)
和:
postgres=# SELECT * FROM pg_roles;
rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolconnlimit | rolpassword | rolvaliduntil | rolbypassrls | rolconfig | oid
---------------+----------+------------+---------------+-------------+-------------+----------------+--------------+-------------+---------------+--------------+-----------+-------
user_1 | f | f | f | f | t | f | -1 | ******** | | f | | 12345
user_1 | f | f | f | f | t | f | -1 | ******** | | f | | 12346
user_1 | f | f | f | f | t | f | -1 | ******** | infinity | f | | 12347
user_1 | f | f | f | f | t | f | -1 | ******** | infinity | f | | 12348
(4 rows)
例如:user_1并且user_2创建于:
CREATE USER user_1/2 WITH ENCRYPTED PASSWORD 'foo';
而user_3anduser_4是用以下方式创建的:
CREATE USER user_3/4 WITH ENCRYPTED PASSWORD 'bar' VALID UNTIL 'infinity';
我们要重置VALID UNTIL属性,以便:
postgres=# \du+ List of roles
Role name | Attributes | Member of | Description
------------------+------------------------------------------------------------+-----------+-----------------------------------------------------------------------------------------
user_1 | | {} |
user_2 | | {} |
user_3 | | {} |
user_4 | | {} |
我们尝试过,但没有成功:
ALTER ROLE user_1/2 WITH VALID UNTIL NULL;ALTER ROLE user_1/2 WITH VALID UNTIL '';ALTER ROLE user_1/2 WITH VALID UNTIL DEFAULT;
所以问题是,是否可以将密码过期日期角色属性重置为NULL/ DEFAULT,最好不必重新创建角色?
我们已经能够将密码到期日期重置为
NULL:这清除
Attributes了user_1/2.