From 4ceb2d0cb619bba2ecbf5d72a10c8fa7ba321366 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Fri, 14 Jan 2000 22:11:38 +0000
Subject: * User management commands no longer user pg_exec_query_dest -> more
 robust

* Let unprivileged users change their own passwords.

* The password is now an Sconst in the parser, which better reflects its text datatype and also
forces users to quote them.

* If your password is NULL you won't be written to the password file, meaning you can't connect
until you have a password set up (if you use password authentication).

* When you drop a user that owns a database you get an error. The database is not gone.
---
 doc/src/sgml/Makefile              |  10 ++-
 doc/src/sgml/ref/allfiles.sgml     |   5 +-
 doc/src/sgml/ref/alter_group.sgml  | 162 ++++++++++++++++++++++++++++++++++
 doc/src/sgml/ref/alter_user.sgml   | 111 ++++++++---------------
 doc/src/sgml/ref/commands.sgml     |   5 +-
 doc/src/sgml/ref/create_group.sgml | 176 +++++++++++++++++++++++++++++++++++++
 doc/src/sgml/ref/create_user.sgml  | 137 ++++++++---------------------
 doc/src/sgml/ref/drop_group.sgml   | 138 +++++++++++++++++++++++++++++
 doc/src/sgml/ref/drop_user.sgml    |  65 +++++++-------
 9 files changed, 598 insertions(+), 211 deletions(-)
 create mode 100644 doc/src/sgml/ref/alter_group.sgml
 create mode 100644 doc/src/sgml/ref/create_group.sgml
 create mode 100644 doc/src/sgml/ref/drop_group.sgml

(limited to 'doc/src')

diff --git a/doc/src/sgml/Makefile b/doc/src/sgml/Makefile
index 59e8431a666..864d4621c24 100644
--- a/doc/src/sgml/Makefile
+++ b/doc/src/sgml/Makefile
@@ -8,7 +8,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/doc/src/sgml/Makefile,v 1.12 1999/12/05 20:21:59 momjian Exp $
+#    $Header: /cvsroot/pgsql/doc/src/sgml/Makefile,v 1.13 2000/01/14 22:11:31 petere Exp $
 #
 #----------------------------------------------------------------------------
 
@@ -85,15 +85,17 @@ APPLICATIONS= createdb.sgml createuser.sgml \
 	psql-ref.sgml \
 	vacuumdb.sgml
 
-COMMANDS= abort.sgml alter_table.sgml alter_user.sgml \
+COMMANDS= abort.sgml alter_group.sgml alter_table.sgml alter_user.sgml \
 	begin.sgml \
 	close.sgml cluster.sgml commit.sgml copy.sgml \
-	create_aggregate.sgml create_database.sgml create_function.sgml create_index.sgml \
+	create_aggregate.sgml create_database.sgml create_function.sgml create_group.sgml \
+	create_index.sgml \
 	create_language.sgml create_operator.sgml create_rule.sgml create_sequence.sgml \
 	create_table.sgml create_table_as.sgml create_trigger.sgml create_type.sgml \
 	create_user.sgml create_view.sgml \
 	declare.sgml delete.sgml \
-	drop_aggregate.sgml drop_database.sgml drop_function.sgml drop_index.sgml \
+	drop_aggregate.sgml drop_database.sgml drop_function.sgml drop_group.sgml \
+	drop_index.sgml \
 	drop_language.sgml drop_operator.sgml drop_rule.sgml drop_sequence.sgml \
 	drop_table.sgml drop_trigger.sgml drop_type.sgml drop_user.sgml drop_view.sgml \
 	explain.sgml fetch.sgml grant.sgml \
diff --git a/doc/src/sgml/ref/allfiles.sgml b/doc/src/sgml/ref/allfiles.sgml
index dc04300f2a2..09516b166b0 100644
--- a/doc/src/sgml/ref/allfiles.sgml
+++ b/doc/src/sgml/ref/allfiles.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.14 1999/12/05 20:02:42 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.15 2000/01/14 22:11:32 petere Exp $
 Postgres documentation
 Complete list of usable sgml source files in this directory.
 -->
@@ -40,6 +40,7 @@ Complete list of usable sgml source files in this directory.
 
 <!-- these are in the "commands" reference chapter -->
 <!entity abort              system "abort.sgml">
+<!entity alterGroup         system "alter_group.sgml">
 <!entity alterTable         system "alter_table.sgml">
 <!entity alterUser          system "alter_user.sgml">
 <!entity begin              system "begin.sgml">
@@ -50,6 +51,7 @@ Complete list of usable sgml source files in this directory.
 <!entity createAggregate    system "create_aggregate.sgml">
 <!entity createDatabase     system "create_database.sgml">
 <!entity createFunction     system "create_function.sgml">
+<!entity createGroup        system "create_group.sgml">
 <!entity createIndex        system "create_index.sgml">
 <!entity createLanguage     system "create_language.sgml">
 <!entity createOperator     system "create_operator.sgml">
@@ -66,6 +68,7 @@ Complete list of usable sgml source files in this directory.
 <!entity dropAggregate      system "drop_aggregate.sgml">
 <!entity dropDatabase       system "drop_database.sgml">
 <!entity dropFunction       system "drop_function.sgml">
+<!entity dropGroup          system "drop_group.sgml">
 <!entity dropIndex          system "drop_index.sgml">
 <!entity dropLanguage       system "drop_language.sgml">
 <!entity dropOperator       system "drop_operator.sgml">
diff --git a/doc/src/sgml/ref/alter_group.sgml b/doc/src/sgml/ref/alter_group.sgml
new file mode 100644
index 00000000000..debbe979e1a
--- /dev/null
+++ b/doc/src/sgml/ref/alter_group.sgml
@@ -0,0 +1,162 @@
+<!--
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
+Postgres documentation
+-->
+
+<refentry id="SQL-ALTERGROUP">
+ <refmeta>
+  <refentrytitle id="SQL-ALTERGROUP-title">
+   ALTER GROUP
+  </refentrytitle>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+ <refnamediv>
+  <refname>
+   ALTER GROUP
+  </refname>
+  <refpurpose>
+   Add users to a group, remove users from a group
+  </refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+  <refsynopsisdivinfo>
+   <date>2000-01-14</date>
+  </refsynopsisdivinfo>
+  <synopsis>
+ALTER GROUP <replaceable class="PARAMETER">name</replaceable> ADD USER <replaceable class="PARAMETER">username</replaceable> [, ... ]
+ALTER GROUP <replaceable class="PARAMETER">name</replaceable> DROP USER <replaceable class="PARAMETER">username</replaceable> [, ... ]
+  </synopsis>
+
+  <refsect2 id="R2-SQL-ALTERGROUP-1">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Inputs
+   </title>
+
+   <para>
+    <variablelist>
+     <varlistentry>
+      <term><replaceable class="PARAMETER">name</replaceable></term>
+      <listitem>
+       <para>
+	The name of the group to modify.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
+      <term><replaceable class="PARAMETER">username</replaceable></term>
+      <listitem>
+       <para>
+        Users which are to be added or removed from the group. The user
+        names must exist.
+       </para>
+      </listitem>
+     </varlistentry>
+
+    </variablelist>
+   </para>
+  </refsect2>
+    
+  <refsect2 id="R2-SQL-ALTERGROUP-2">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Outputs
+   </title>
+   <para>
+    <variablelist>
+     <varlistentry>
+      <term><computeroutput>ALTER GROUP</computeroutput></term>
+      <listitem>
+       <para>
+	Message returned if the alteration was successful.
+       </para>
+      </listitem>
+     </varlistentry>
+     
+    </variablelist>
+   </para>
+  </refsect2>
+ </refsynopsisdiv>
+
+ <refsect1 id="R1-SQL-ALTERGROUP-1">
+  <refsect1info>
+   <date>2000-01-14</date>
+  </refsect1info>
+  <title>
+   Description
+  </title>
+  <para>
+   <command>ALTER GROUP</command> is used to change add users to a group or
+   remove them from a group. Only database superusers can use this command.
+   Adding a user to a group does not create the user. Similarly, removing
+   a user from a group does not drop the user itself.
+  </para>
+  <para>
+   Use <xref linkend="SQL-CREATEGROUP" endterm="SQL-CREATEGROUP-title">
+   to create a new group and <xref linkend="SQL-DROPGROUP"
+   endterm="SQL-DROPGROUP-title"> to remove a group.
+  </para>
+ </refsect1>
+
+ <refsect1 id="R1-SQL-ALTERGROUP-2">
+  <title>
+   Usage
+  </title>
+  <para>
+   Add users to a group:
+
+<programlisting>
+ALTER GROUP staff ADD USER karl, john
+</programlisting>
+
+   Remove a user from a group
+
+<programlisting>
+ALTER GROUP workers DROP USER beth
+</programlisting>
+
+  </para>
+ </refsect1>
+
+ <refsect1 id="R1-SQL-ALTERGROUP-3">
+  <title>
+   Compatibility
+  </title>
+    
+  <refsect2 id="R2-SQL-ALTERGROUP-4">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    SQL92
+   </title>
+   <para>
+    There is no <command>ALTER GROUP</command> statement in
+    <acronym>SQL92</acronym>. The concept of roles is
+    similar.
+   </para>
+  </refsect2>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:"/usr/lib/sgml/catalog"
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user.sgml
index 75bcca86546..f3ce32bb16f 100644
--- a/doc/src/sgml/ref/alter_user.sgml
+++ b/doc/src/sgml/ref/alter_user.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.9 1999/11/30 03:57:22 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.10 2000/01/14 22:11:32 petere Exp $
 Postgres documentation
 -->
 
@@ -24,11 +24,8 @@ Postgres documentation
   </refsynopsisdivinfo>
   <synopsis>
 ALTER USER <replaceable class="PARAMETER">username</replaceable>
-    [ WITH
-     [ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
-     [ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ]
+    [ WITH PASSWORD '<replaceable class="PARAMETER">password</replaceable>' ]
     [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
-    [ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
     [ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
   </synopsis>
 
@@ -40,24 +37,19 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
     Inputs
    </title>
 
-   <para>
-    Refer to <command>CREATE USER</command> for a detailed description of each
-    clause.
-   </para>
-
    <para>
     <variablelist>
      <varlistentry>
-      <term><replaceable class="PARAMETER"> username </replaceable></term>
+      <term><replaceable class="PARAMETER">username</replaceable></term>
       <listitem>
        <para>
-	The Postgres account name of the user whose details are to be altered.
+	The name of the user whose details are to be altered.
        </para>
       </listitem>
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="PARAMETER"> password </replaceable></term>
+      <term><replaceable class="PARAMETER">password</replaceable></term>
       <listitem>
        <para>
 	The new password to be used for this account.
@@ -66,36 +58,36 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="parameter">uid</replaceable></term>
+      <term>CREATEDB</term>
+      <term>NOCREATEDB</term>
       <listitem>
-       <para>
-        The new <productname>PostgreSQL</productname> user id of the user.
-        Since this number is used as a key into the
-        <literal>pg_shadow</literal>/<literal>pg_user</literal> table
-        throughout the system catalogs, it is not recommended that you change
-        it unless the user in question does not own anything at all and/or
-        you really know what you are doing. Note that it is not necessary that
-        database and <acronym>UNIX</acronym> user ids match, but some people
-        choose to keep the numbers the same.
+       <para> 
+	These clauses define a user's ability to create databases.
+	If CREATEDB is specified, the user being defined will
+	be allowed to create his own databases. Using NOCREATEDB
+	will deny a user the ability to create databases.
        </para>
       </listitem>
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="PARAMETER"> groupname </replaceable></term>
+      <term>CREATEUSER</term>
+      <term>NOCREATEUSER</term>
       <listitem>
        <para>
-	The name of an access group into which this account is to be put.
+	These clauses determine whether a user will be permitted to
+	create new users himself. This option will also make the user
+        a superuser who can override all access restrictions.
        </para>
       </listitem>
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="PARAMETER"> abstime </replaceable></term>
+      <term><replaceable class="PARAMETER">abstime</replaceable></term>
       <listitem>
        <para>
 	The date (and, optionally, the time)
-	at which this user's access is to be terminated.
+	at which this user's password is to expire.
        </para>
       </listitem>
      </varlistentry>
@@ -113,9 +105,7 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
    <para>
     <variablelist>
      <varlistentry>
-      <term><computeroutput>
-ALTER USER
-       </computeroutput></term>
+      <term><computeroutput>ALTER USER</computeroutput></term>
       <listitem>
        <para>
 	Message returned if the alteration was successful.
@@ -125,7 +115,7 @@ ALTER USER
      
      <varlistentry>
       <term><computeroutput>
-ERROR: alterUser: user "username" does not exist
+ERROR:  ALTER USER: user "username" does not exist
        </computeroutput></term>
       <listitem>
        <para>
@@ -148,39 +138,15 @@ ERROR: alterUser: user "username" does not exist
   </title>
   <para>
    <command>ALTER USER</command> is used to change the attributes of a user's
-   <productname>Postgres</productname> account.
-   Also, it is only possible for the
-   <productname>Postgres</productname>
-   user or any user with read and modify permissions on
-   <literal>pg_shadow</literal> to alter user passwords.
+   <productname>PostgreSQL</productname> account. Only a database superuser
+   can change privileges and password expiration with this command. Ordinary
+   users can only change their own password.
   </para>
-
   <para>
-   If any of the clauses of the alter user statement are
-   omitted, the corresponding value in the <literal>pg_shadow</literal> table
-   is left unchanged.
+   Use <xref linkend="SQL-CREATEUSER" endterm="SQL-CREATEUSER-title">
+   to create a new user and <xref linkend="SQL-DROPUSER"
+   endterm="SQL-DROPUSER-title"> to remove a user.
   </para>
-    
-  <refsect2 id="R2-SQL-ALTERUSER-3">
-   <refsect2info>
-    <date>1998-09-08</date>
-   </refsect2info>
-   <title>
-    Notes
-   </title>
-   <para>
-    <command>ALTER USER</command>
-    is a <productname>Postgres</productname>
-    language extension.
-   </para>
-   <para>
-    Refer to <command>CREATE/DROP USER</command>
-    to create or remove a user account.
-   </para>
-   <para>
-    The IN GROUP clause is not yet implemented.
-   </para>
-  </refsect2>
  </refsect1>
 
  <refsect1 id="R1-SQL-ALTERUSER-2">
@@ -190,34 +156,29 @@ ERROR: alterUser: user "username" does not exist
   <para>
    Change a user password:
 
-  <programlisting>
-ALTER USER davide WITH PASSWORD hu8jmn3;
-  </programlisting>
+<programlisting>
+ALTER USER davide WITH PASSWORD 'hu8jmn3';
+</programlisting>
 
    Change a user's valid until date
 
-   <programlisting>
+<programlisting>
 ALTER USER manuel VALID UNTIL 'Jan 31 2030';
-   </programlisting>
+</programlisting>
 
    Change a user's valid until date, specifying that his
    authorisation should expire at midday on 4th May 1998 using
    the time zone which is one hour ahead of UTC
-   <programlisting>
+<programlisting>
 ALTER USER chris VALID UNTIL 'May 4 12:00:00 1998 +1';
-   </programlisting>
+</programlisting>
 
    Give a user the ability to create other users and new databases.
 
-   <programlisting>
+<programlisting>
 ALTER USER miriam CREATEUSER CREATEDB;
-   </programlisting>
-
-   Place a user in two groups
+</programlisting>
 
-   <programlisting>
-ALTER USER miriam IN GROUP sales, payroll;
-   </programlisting>
   </para>
  </refsect1>
 
diff --git a/doc/src/sgml/ref/commands.sgml b/doc/src/sgml/ref/commands.sgml
index a8f32017393..8516904dbf1 100644
--- a/doc/src/sgml/ref/commands.sgml
+++ b/doc/src/sgml/ref/commands.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/commands.sgml,v 1.21 1999/12/05 20:02:42 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/commands.sgml,v 1.22 2000/01/14 22:11:32 petere Exp $
 Postgres documentation
 -->
 
@@ -14,6 +14,7 @@ Postgres documentation
   </abstract>
 
    &abort;
+   &alterGroup;
    &alterTable;
    &alterUser;
    &begin;
@@ -24,6 +25,7 @@ Postgres documentation
    &createAggregate;
    &createDatabase;
    &createFunction;
+   &createGroup;
    &createIndex;
    &createLanguage;
    &createOperator;
@@ -40,6 +42,7 @@ Postgres documentation
    &dropAggregate;
    &dropDatabase;
    &dropFunction;
+   &dropGroup;
    &dropIndex;
    &dropLanguage;
    &dropOperator;
diff --git a/doc/src/sgml/ref/create_group.sgml b/doc/src/sgml/ref/create_group.sgml
new file mode 100644
index 00000000000..52023723016
--- /dev/null
+++ b/doc/src/sgml/ref/create_group.sgml
@@ -0,0 +1,176 @@
+<!--
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
+Postgres documentation
+-->
+
+<refentry id="SQL-CREATEGROUP">
+ <refmeta>
+  <refentrytitle id="sql-creategroup-title">
+   CREATE GROUP
+  </refentrytitle>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+ <refnamediv>
+  <refname>
+   CREATE GROUP
+  </refname>
+  <refpurpose>
+   Creates a new group
+  </refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+  <refsynopsisdivinfo>
+   <date>2000-01-14</date>
+  </refsynopsisdivinfo>
+  <synopsis>
+CREATE GROUP <replaceable class="PARAMETER">name</replaceable>
+    [ WITH 
+     [ SYSID <replaceable class="PARAMETER">gid</replaceable> ]
+     [ USER  <replaceable class="PARAMETER">username</replaceable> [, ...] ] ]
+  </synopsis>
+  
+  <refsect2 id="R2-SQL-CREATEGROUP-1">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Inputs
+   </title>
+   <para>
+
+    <variablelist>
+     <varlistentry>
+      <term><replaceable class="parameter">name</replaceable></term>
+      <listitem>
+       <para>
+	The name of the group.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
+      <term><replaceable class="parameter">gid</replaceable></term>
+      <listitem>
+       <para>
+        The <literal>SYSID</literal> clause can be used to choose
+        the <productname>PostgreSQL</productname> group id of the new
+        group. It is not necessary to do so, however.
+       </para>
+       <para>
+        If this is not specified, the highest assigned group id plus one,
+        starting at 1, will be used as default.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
+      <term><replaceable class="parameter">username</replaceable></term>
+      <listitem>
+       <para>
+        A list of users to include in the group. The users must already exist.
+       </para>
+      </listitem>
+     </varlistentry>
+
+    </variablelist>
+   </para>
+  </refsect2>
+  
+  <refsect2 id="R2-SQL-CREATEGROUP-2">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Outputs
+   </title>
+
+   <para>
+    <variablelist>
+     <varlistentry>
+      <term><computeroutput>CREATE GROUP</computeroutput></term>
+      <listitem>
+       <para>
+	Message returned if the command completes successfully.
+       </para>
+      </listitem>
+     </varlistentry>
+    </variablelist>
+   </para>
+  </refsect2>
+ </refsynopsisdiv>
+
+ <refsect1 id="R1-SQL-CREATEGROUP-1">
+  <refsect1info>
+   <date>2000-01-14</date>
+  </refsect1info>
+  <title>
+   Description
+  </title>
+  <para>
+   CREATE GROUP will create a new group in the database installation.
+   Refer to the adminstrator's guide for information about using groups
+   for authentication.
+   You must be a database superuser to use this command.
+  </para>
+  <para>
+   Use <xref linkend="SQL-ALTERGROUP" endterm="SQL-ALTERGROUP-title">
+   to change a group's membership, and <xref linkend="SQL-DROPGROUP"
+   endterm="SQL-DROPGROUP-title"> to remove a group.
+  </para>  
+ </refsect1> 
+ <refsect1 id="R1-SQL-CREATEGROUP-2">
+  <title>
+   Usage
+  </title>
+  <para>
+   Create an empty group:
+<programlisting>
+CREATE GROUP staff
+</programlisting>
+  </para>
+
+  <para>
+   Create a group with members:
+<programlisting>
+CREATE GROUP marketing WITH USER jonathan, david
+</programlisting>
+  </para>
+ </refsect1>
+ 
+ <refsect1 id="R1-SQL-CREATEGROUP-3">
+  <title>
+   Compatibility
+  </title>
+  
+  <refsect2 id="R2-SQL-CREATEGROUP-4">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    SQL92
+   </title>
+
+   <para>
+    There is no <command>CREATE GROUP</command> statement in SQL92.
+    Roles are similar in concept to groups.
+   </para>
+  </refsect2>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:"/usr/lib/sgml/catalog"
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/src/sgml/ref/create_user.sgml b/doc/src/sgml/ref/create_user.sgml
index 2f5d1d7feea..6994837751d 100644
--- a/doc/src/sgml/ref/create_user.sgml
+++ b/doc/src/sgml/ref/create_user.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.12 1999/12/04 05:03:49 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.13 2000/01/14 22:11:32 petere Exp $
 Postgres documentation
 -->
 
@@ -15,7 +15,7 @@ Postgres documentation
    CREATE USER
   </refname>
   <refpurpose>
-   Creates account information for a new user
+   Creates a new database user
   </refpurpose>
  </refnamediv>
  <refsynopsisdiv>
@@ -26,7 +26,7 @@ Postgres documentation
 CREATE USER <replaceable class="PARAMETER">username</replaceable>
     [ WITH
      [ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
-     [ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ]
+     [ PASSWORD '<replaceable class="PARAMETER">password</replaceable>' ] ]
     [ CREATEDB   | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
     [ IN GROUP     <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
     [ VALID UNTIL  '<replaceable class="PARAMETER">abstime</replaceable>' ]
@@ -61,13 +61,6 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
         match the <acronym>UNIX</acronym> user ids, but some people
         choose to keep the numbers the same.
        </para>
-       <para>
-	If you still want the
-	OS user id and the <filename>usesysid</filename> to match
-	for any given user,
-	use the <application>createuser</application> script provided with
-	the <productname>Postgres</productname> distribution.
-       </para>
        <para>
         If this is not specified, the highest assigned user id plus one
         will be used as default.
@@ -79,30 +72,11 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
       <term><replaceable class="parameter">password</replaceable></term>
       <listitem>
        <para>
-	The PASSWORD clause sets the user's password within
-	the "<filename>pg_shadow</filename>" table. For this reason,
-	<filename>"pg_shadow</filename>" is no
-	longer accessible to the instance of
-	<productname>Postgres</productname> that the
-	<productname>Postgres</productname>
-	user's password is initially set to NULL.
-       </para>
-       <para>
-	When a
-	user's password in the "<filename>pg_shadow</filename>"
-	table is NULL, user
-	authentication proceeds as it historically has (HBA,
-	PG_PASSWORD, etc). However, if a password is set for a
-	user, a new authentication system supplants any other
-	configured for the <productname>Postgres</productname>
-	instance, and the password
-	stored in the "<filename>pg_shadow</filename>" table is used
-	for authentication.
-	For more details on how this authentication system
-	functions see pg_crypt(3). If the WITH PASSWORD clause is
-	omitted, the user's password is set to the empty
-	string which equates to a NULL value in the authentication
-	system mentioned above.
+        Sets the user's password. If you do not plan to use password
+        authentication you can omit this option, otherwise the user
+        won't be able to connect to a password-authenticated server.
+        See pg_hba.conf(5) or the administrator's guide for details on
+        how to set up authentication mechanisms.
        </para>
       </listitem>
      </varlistentry>
@@ -127,8 +101,8 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
       <listitem>
        <para>
 	These clauses determine whether a user will be permitted to
-	create new
-	users in an instance of <productname>Postgres</productname>.
+	create new users himself. This option will also make the user
+        a superuser who can override all access restrictions.
 	Omitting this clause will set the user's value of this
 	attribute to be NOCREATEUSER.
        </para>
@@ -149,15 +123,8 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
       <listitem>
        <para>
 	The VALID UNTIL clause sets an absolute time after which the
-	user's <productname>Postgres</productname>
-	login is no longer valid. Please note that
-	if a user does not have a password defined in the
-	"<filename>pg_shadow</filename>"
-	table, the valid until date will not be checked
-	during user authentication. If this clause is omitted,
-	a NULL value is stored in "<filename>pg_shadow</filename>" 
-	for this attribute,
-	and the login will be valid for all time.
+	user's password is no longer valid. 
+	If this clause is omitted the login will be valid for all time.
        </para>
       </listitem>
      </varlistentry>
@@ -176,9 +143,7 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
    <para>
     <variablelist>
      <varlistentry>
-      <term><computeroutput>
-CREATE USER
-       </computeroutput></term>
+      <term><computeroutput>CREATE USER</computeroutput></term>
       <listitem>
        <para>
 	Message returned if the command completes successfully.
@@ -199,61 +164,38 @@ CREATE USER
   </title>
   <para>
    CREATE USER will add a new user to an instance of 
-   <productname>PostgreSQL</productname>.
+   <productname>PostgreSQL</productname>. Refer to the adminstrator's
+   guide for information about managing users and authentication.
+   You must be a database superuser to use this command.
   </para>
-
-  <refsect2 id="R2-SQL-CREATEUSER-3">
-   <refsect2info>
-    <date>1998-09-21</date>
-   </refsect2info>
-   <title>
-    Notes
-   </title>
-   <para>
-    <command>CREATE USER</command> statement is a
-    <productname>Postgres</productname> language extension.
-   </para>
-   <para>
-    Use <command>DROP USER</command> or <command>ALTER USER</command>
-    statements to remove or modify a user account.
-   </para>
-   <para>
-    Refer to the <filename>pg_shadow</filename> table for further information.
-   </para>
-   <programlisting>
-      Table "pg_shadow"
-  Attribute  |  Type   | Extra
--------------+---------+-------
- usename     | name    |
- usesysid    | int4    |
- usecreatedb | bool    |
- usetrace    | bool    |
- usesuper    | bool    |
- usecatupd   | bool    |
- passwd      | text    |
- valuntil    | abstime |
-   </programlisting>
-  </refsect2>
- </refsect1>
-  
+  <para>
+   Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title">
+   to change a user's password and privileges, and <xref linkend="SQL-DROPUSER"
+   endterm="SQL-DROPUSER-title"> to remove a user.
+   Use <command>ALTER GROUP</command> to add or remove the user from other groups.
+   <productname>PostgreSQL</productname>
+   comes with a script <xref linkend="APP-CREATEUSER"
+   endterm="APP-CREATEUSER-title">
+   which has the same functionality as this command (in fact, it calls this command)
+   but can be run from the command shell.
+  </para>  
+ </refsect1> 
  <refsect1 id="R1-SQL-CREATEUSER-2">
   <title>
    Usage
   </title>
   <para>
    Create a user with no password:
-
-   <programlisting>
+<programlisting>
 CREATE USER jonathan
-   </programlisting>
+</programlisting>
   </para>
 
   <para>
    Create a user with a password:
-
-   <programlisting>
-CREATE USER davide WITH PASSWORD "jw8s0F4"
-   </programlisting>
+<programlisting>
+CREATE USER davide WITH PASSWORD 'jw8s0F4'
+</programlisting>
   </para>
 
   <para>
@@ -261,17 +203,16 @@ CREATE USER davide WITH PASSWORD "jw8s0F4"
    Note that after one second has ticked in 2002, the account is not
    valid:
 
-   <programlisting>
-CREATE USER miriam WITH PASSWORD "jw8s0F4" VALID UNTIL 'Jan 1 2002'
-   </programlisting>
+<programlisting>
+CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL 'Jan 1 2002'
+</programlisting>
   </para>
 
   <para> 
    Create an account where the user can create databases:
-
-   <programlisting>
-CREATE USER manuel WITH PASSWORD "jw8s0F4" CREATEDB
-   </programlisting>
+<programlisting>
+CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB
+</programlisting>
   </para>
  </refsect1>
  
diff --git a/doc/src/sgml/ref/drop_group.sgml b/doc/src/sgml/ref/drop_group.sgml
new file mode 100644
index 00000000000..0d7db1ef098
--- /dev/null
+++ b/doc/src/sgml/ref/drop_group.sgml
@@ -0,0 +1,138 @@
+<!--
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
+Postgres documentation
+-->
+
+<refentry id="SQL-DROPGROUP">
+ <refmeta>
+  <refentrytitle id="SQL-DROPGROUP-TITLE">
+   DROP GROUP
+  </refentrytitle>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+ <refnamediv>
+  <refname>
+   DROP GROUP
+  </refname>
+  <refpurpose>
+   Removes a group
+  </refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+  <refsynopsisdivinfo>
+   <date>2000-01-14</date>
+  </refsynopsisdivinfo>
+  <synopsis>
+DROP GROUP <replaceable class="PARAMETER">name</replaceable>
+  </synopsis>
+  
+  <refsect2 id="R2-SQL-DROPGROUP-1">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Inputs
+   </title>
+   <para>
+
+    <variablelist>
+     <varlistentry>
+      <term><replaceable class="PARAMETER">name</replaceable></term>
+      <listitem>
+       <para>
+	The name of an existing group.
+       </para>
+      </listitem>
+     </varlistentry>
+    </variablelist>
+   </para>
+  </refsect2>
+  
+  <refsect2 id="R2-SQL-DROPGROUP-2">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    Outputs
+   </title>
+   <para>
+    <variablelist>
+     <varlistentry>
+      <term><computeroutput>DROP GROUP</computeroutput></term>
+      <listitem>
+       <para>
+	The message returned if the group is successfully deleted.
+       </para>
+      </listitem>
+     </varlistentry>
+
+    </variablelist>
+   </para>
+  </refsect2>
+ </refsynopsisdiv>
+
+ <refsect1 id="R1-SQL-DROPGROUP-1">
+  <refsect1info>
+   <date>2000-01-14</date>
+  </refsect1info>
+  <title>
+   Description
+  </title>
+  <para>
+   <command>DROP GROUP</command> removes the specified group from the database.
+   The users in the group are not deleted.
+  </para>
+  <para>
+   Use <xref linkend="SQL-CREATEGROUP" endterm="SQL-CREATEGROUP-title">
+   to add new groups, and <xref linkend="SQL-ALTERGROUP"
+   endterm="SQL-ALTERGROUP-title"> to change a group's membership.
+  </para>  
+ </refsect1>
+
+ <refsect1 id="R1-SQL-DROPGROUP-2">
+  <title>
+   Usage
+  </title>
+  <para>
+   To drop a group:
+<programlisting>
+DROP GROUP staff;
+</programlisting>
+  </para>
+ </refsect1>
+ 
+ <refsect1 id="R1-SQL-DROPGROUP-3">
+  <title>
+   Compatibility
+  </title>
+  
+  <refsect2 id="R2-SQL-DROPGROUP-4">
+   <refsect2info>
+    <date>2000-01-14</date>
+   </refsect2info>
+   <title>
+    SQL92
+   </title>
+   <para>
+    There is no <command>DROP GROUP</command> in <acronym>SQL92</acronym>.
+   </para>
+  </refsect2>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:"/usr/lib/sgml/catalog"
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/src/sgml/ref/drop_user.sgml b/doc/src/sgml/ref/drop_user.sgml
index 27f339f82dc..b2a96e0090f 100644
--- a/doc/src/sgml/ref/drop_user.sgml
+++ b/doc/src/sgml/ref/drop_user.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_user.sgml,v 1.9 1999/12/07 22:41:41 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_user.sgml,v 1.10 2000/01/14 22:11:32 petere Exp $
 Postgres documentation
 -->
 
@@ -15,7 +15,7 @@ Postgres documentation
    DROP USER
   </refname>
   <refpurpose>
-   Removes an user account information
+   Removes a user
   </refpurpose>
  </refnamediv>
  <refsynopsisdiv>
@@ -58,18 +58,17 @@ DROP USER <replaceable class="PARAMETER">name</replaceable>
    <para>
     <variablelist>
      <varlistentry>
-      <term><computeroutput>
-DROP
-       </computeroutput></term>
+      <term><computeroutput>DROP USER</computeroutput></term>
       <listitem>
        <para>
 	The message returned if the user is successfully deleted.
        </para>
       </listitem>
      </varlistentry>
+
      <varlistentry>
       <term><computeroutput>
-ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does not exist.
+ERROR:  DROP USER: user "<replaceable class="parameter">name</replaceable>" does not exist
        </computeroutput></term>
       <listitem>
        <para>
@@ -77,6 +76,18 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
        </para>
       </listitem>
      </varlistentry>
+
+     <varlistentry>
+      <term><computeroutput>
+DROP USER: user "<replaceable class="parameter">name</replaceable>" owns database "<replaceable class="parameter">name</replaceable>", cannot be removed
+       </computeroutput></term>
+      <listitem>
+       <para>
+        You must drop the database first or change its ownership.
+       </para>
+      </listitem>
+     </varlistentry>
+
     </variablelist>
    </para>
   </refsect2>
@@ -90,30 +101,20 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
    Description
   </title>
   <para>
-   <command>DROP USER</command> removes the specified
-   user from the database,
-   along with any databases owned by the user. It
-   does not remove tables, views, or triggers owned by the
-   named user in databases not owned by the user.
+   <command>DROP USER</command> removes the specified user from the database.
+   It does not remove tables, views, or other objects owned by the user. If the
+   user owns any database you get an error.
   </para>
-
-  <refsect2 id="R2-SQL-DROPUSER-3">
-   <refsect2info>
-    <date>1998-09-22</date>
-   </refsect2info>
-   <title>
-    Notes
-   </title>
-   <para>
-    <command>DROP USER</command> is a <productname>Postgres</productname>
-    language extension.
-   </para>
-   <para>
-    Refer to <command>CREATE USER</command> and
-    <command>ALTER USER</command> for information on
-    how to create or modify user accounts.
-   </para>
-  </refsect2>
+  <para>
+   Use <xref linkend="SQL-CREATEUSER" endterm="SQL-CREATEUSER-title">
+   to add new users, and <xref linkend="SQL-ALTERUSER"
+   endterm="SQL-ALTERUSER-title"> to change a user's properties.
+   <productname>PostgreSQL</productname>
+   comes with a script <xref linkend="APP-DROPUSER"
+   endterm="APP-DROPUSER-title">
+   which has the same functionality as this command (in fact, it calls this command)
+   but can be run from the command shell.
+  </para>  
  </refsect1>
 
  <refsect1 id="R1-SQL-DROPUSER-2">
@@ -122,9 +123,9 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
   </title>
   <para>
    To drop a user account:
-   <programlisting>
-DROP USER Jonathan;
-   </programlisting>
+<programlisting>
+DROP USER jonathan;
+</programlisting>
   </para>
  </refsect1>
  
-- 
cgit v1.2.3