From 780068f812a61e73b2474f7f025b28309a2f1840 Mon Sep 17 00:00:00 2001
From: "Marc G. Fournier" <scrappy@hub.org>
Date: Wed, 25 Feb 1998 13:09:49 +0000
Subject: [PATCH] From: Jan Wieck <jwieck@debis.com>

    seems  that  my last post didn't make it through. That's good
    since  the  diff  itself  didn't  covered  the  renaming   of
    pg_user.h to pg_shadow.h and it's new content.

    Here  it's  again.  The  complete regression test passwd with
    only some  float  diffs.  createuser  and  destroyuser  work.
    pg_shadow cannot be read by ordinary user.
---
 src/backend/catalog/Makefile         |   4 +-
 src/backend/catalog/aclchk.c         |  26 +++---
 src/backend/commands/copy.c          |   4 +-
 src/backend/commands/dbcommands.c    |  10 +--
 src/backend/commands/define.c        |   4 +-
 src/backend/commands/proclang.c      |   2 +-
 src/backend/commands/user.c          | 130 +++++++++++++--------------
 src/backend/libpq/auth.c             |   4 +-
 src/backend/libpq/crypt.c            |   4 +-
 src/backend/parser/gram.y            |   4 +-
 src/backend/rewrite/rewriteHandler.c |   6 +-
 src/backend/utils/adt/acl.c          |   8 +-
 src/backend/utils/cache/syscache.c   |  16 ++--
 src/backend/utils/init/globals.c     |   4 +-
 src/backend/utils/init/miscinit.c    |   8 +-
 src/backend/utils/misc/superuser.c   |   6 +-
 src/bin/createuser/createuser.sh     |   4 +-
 src/bin/destroyuser/destroyuser.sh   |   4 +-
 src/bin/initdb/initdb.sh             |  29 ++++--
 src/include/catalog/catname.h        |   4 +-
 src/include/catalog/pg_attribute.h   |   4 +-
 src/include/catalog/pg_class.h       |   6 +-
 src/include/catalog/pg_shadow.h      | 105 ++++++++++++++++++++++
 src/include/catalog/pg_type.h        |   4 +-
 src/include/utils/acl.h              |   4 +-
 25 files changed, 260 insertions(+), 144 deletions(-)
 create mode 100644 src/include/catalog/pg_shadow.h

diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile
index 050c93c8e8..51fd03d74c 100644
--- a/src/backend/catalog/Makefile
+++ b/src/backend/catalog/Makefile
@@ -4,7 +4,7 @@
 #    Makefile for catalog
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/backend/catalog/Makefile,v 1.8 1998/01/05 18:42:39 momjian Exp $
+#    $Header: /cvsroot/pgsql/src/backend/catalog/Makefile,v 1.9 1998/02/25 13:05:55 scrappy Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -27,7 +27,7 @@ SUBSYS.o: $(OBJS)
 GENBKI= ./genbki.sh
 
 GLOBALBKI_SRCS= $(addprefix ../../include/catalog/, \
-                  pg_database.h pg_variable.h pg_user.h \
+                  pg_database.h pg_variable.h pg_shadow.h \
                   pg_group.h pg_log.h \
                  )
 
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index d3f786c48d..17d87dd744 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.6 1998/02/24 03:31:45 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.7 1998/02/25 13:05:57 scrappy Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -32,7 +32,7 @@
 #include "catalog/pg_aggregate.h"
 #include "catalog/pg_proc.h"
 #include "catalog/pg_type.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "parser/parse_agg.h"
 #include "parser/parse_func.h"
 #include "utils/syscache.h"
@@ -396,14 +396,14 @@ pg_aclcheck(char *relname, char *usename, AclMode mode)
 	if (!HeapTupleIsValid(htp))
 		elog(ERROR, "pg_aclcheck: user \"%s\" not found",
 			 usename);
-	id = (AclId) ((Form_pg_user) GETSTRUCT(htp))->usesysid;
+	id = (AclId) ((Form_pg_shadow) GETSTRUCT(htp))->usesysid;
 
 	/*
 	 * for the 'pg_database' relation, check the usecreatedb field before
 	 * checking normal permissions
 	 */
 	if (strcmp(DatabaseRelationName, relname) == 0 &&
-		(((Form_pg_user) GETSTRUCT(htp))->usecreatedb))
+		(((Form_pg_shadow) GETSTRUCT(htp))->usecreatedb))
 	{
 
 		/*
@@ -417,12 +417,12 @@ pg_aclcheck(char *relname, char *usename, AclMode mode)
 
 	/*
 	 * Deny anyone permission to update a system catalog unless
-	 * pg_user.usecatupd is set.  (This is to let superusers protect
+	 * pg_shadow.usecatupd is set.  (This is to let superusers protect
 	 * themselves from themselves.)
 	 */
 	if (((mode & ACL_WR) || (mode & ACL_AP)) &&
 		IsSystemRelationName(relname) &&
-		!((Form_pg_user) GETSTRUCT(htp))->usecatupd)
+		!((Form_pg_shadow) GETSTRUCT(htp))->usecatupd)
 	{
 		elog(DEBUG, "pg_aclcheck: catalog update to \"%s\": permission denied",
 			 relname);
@@ -432,7 +432,7 @@ pg_aclcheck(char *relname, char *usename, AclMode mode)
 	/*
 	 * Otherwise, superusers bypass all permission-checking.
 	 */
-	if (((Form_pg_user) GETSTRUCT(htp))->usesuper)
+	if (((Form_pg_shadow) GETSTRUCT(htp))->usesuper)
 	{
 #ifdef ACLDEBUG_TRACE
 		elog(DEBUG, "pg_aclcheck: \"%s\" is superuser",
@@ -531,12 +531,12 @@ pg_ownercheck(char *usename,
 	if (!HeapTupleIsValid(htp))
 		elog(ERROR, "pg_ownercheck: user \"%s\" not found",
 			 usename);
-	user_id = (AclId) ((Form_pg_user) GETSTRUCT(htp))->usesysid;
+	user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(htp))->usesysid;
 
 	/*
 	 * Superusers bypass all permission-checking.
 	 */
-	if (((Form_pg_user) GETSTRUCT(htp))->usesuper)
+	if (((Form_pg_shadow) GETSTRUCT(htp))->usesuper)
 	{
 #ifdef ACLDEBUG_TRACE
 		elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
@@ -597,12 +597,12 @@ pg_func_ownercheck(char *usename,
 	if (!HeapTupleIsValid(htp))
 		elog(ERROR, "pg_func_ownercheck: user \"%s\" not found",
 			 usename);
-	user_id = (AclId) ((Form_pg_user) GETSTRUCT(htp))->usesysid;
+	user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(htp))->usesysid;
 
 	/*
 	 * Superusers bypass all permission-checking.
 	 */
-	if (((Form_pg_user) GETSTRUCT(htp))->usesuper)
+	if (((Form_pg_shadow) GETSTRUCT(htp))->usesuper)
 	{
 #ifdef ACLDEBUG_TRACE
 		elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
@@ -638,12 +638,12 @@ pg_aggr_ownercheck(char *usename,
 	if (!HeapTupleIsValid(htp))
 		elog(ERROR, "pg_aggr_ownercheck: user \"%s\" not found",
 			 usename);
-	user_id = (AclId) ((Form_pg_user) GETSTRUCT(htp))->usesysid;
+	user_id = (AclId) ((Form_pg_shadow) GETSTRUCT(htp))->usesysid;
 
 	/*
 	 * Superusers bypass all permission-checking.
 	 */
-	if (((Form_pg_user) GETSTRUCT(htp))->usesuper)
+	if (((Form_pg_shadow) GETSTRUCT(htp))->usesuper)
 	{
 #ifdef ACLDEBUG_TRACE
 		elog(DEBUG, "pg_aggr_ownercheck: user \"%s\" is superuser",
diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c
index 2dee47fa1f..7807ddb91f 100644
--- a/src/backend/commands/copy.c
+++ b/src/backend/commands/copy.c
@@ -6,7 +6,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.42 1998/02/13 19:45:38 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.43 1998/02/25 13:06:08 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -32,7 +32,7 @@
 #include <access/genam.h>
 #include <catalog/pg_type.h>
 #include <catalog/catname.h>
-#include <catalog/pg_user.h>
+#include <catalog/pg_shadow.h>
 #include <commands/copy.h>
 #include "commands/trigger.h"
 #include <storage/fd.h>
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 2bebaba587..9326b1a549 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.6 1998/01/31 04:38:19 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.7 1998/02/25 13:06:09 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -25,7 +25,7 @@
 #include "utils/elog.h"
 #include "catalog/catname.h"
 #include "catalog/pg_proc.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "catalog/pg_database.h"
 #include "utils/syscache.h"
 #include "commands/dbcommands.h"
@@ -211,9 +211,9 @@ check_permissions(char *command,
 	userName = GetPgUserName();
 	utup = SearchSysCacheTuple(USENAME, PointerGetDatum(userName),
 							   0, 0, 0);
-	*userIdP = ((Form_pg_user) GETSTRUCT(utup))->usesysid;
-	use_super = ((Form_pg_user) GETSTRUCT(utup))->usesuper;
-	use_createdb = ((Form_pg_user) GETSTRUCT(utup))->usecreatedb;
+	*userIdP = ((Form_pg_shadow) GETSTRUCT(utup))->usesysid;
+	use_super = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
+	use_createdb = ((Form_pg_shadow) GETSTRUCT(utup))->usecreatedb;
 
 	/* Check to make sure user has permission to use createdb */
 	if (!use_createdb)
diff --git a/src/backend/commands/define.c b/src/backend/commands/define.c
index ec1df3f56d..e5d524cd07 100644
--- a/src/backend/commands/define.c
+++ b/src/backend/commands/define.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/define.c,v 1.22 1998/02/13 13:23:33 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/define.c,v 1.23 1998/02/25 13:06:12 scrappy Exp $
  *
  * DESCRIPTION
  *	  The "DefineFoo" routines take the parse tree and pick out the
@@ -52,7 +52,7 @@
 #include <commands/defrem.h>
 #include <optimizer/xfunc.h>
 #include <tcop/dest.h>
-#include <catalog/pg_user.h>
+#include <catalog/pg_shadow.h>
 
 static char *defGetString(DefElem *def);
 static int	defGetTypeLength(DefElem *def);
diff --git a/src/backend/commands/proclang.c b/src/backend/commands/proclang.c
index 77d81ff198..870a0fb65a 100644
--- a/src/backend/commands/proclang.c
+++ b/src/backend/commands/proclang.c
@@ -11,7 +11,7 @@
 
 #include "access/heapam.h"
 #include "catalog/catname.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "catalog/pg_proc.h"
 #include "catalog/pg_language.h"
 #include "utils/syscache.h"
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index ef4b28e93d..05506fd93f 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -21,7 +21,7 @@
 #include <miscadmin.h>
 #include <catalog/catname.h>
 #include <catalog/pg_database.h>
-#include <catalog/pg_user.h>
+#include <catalog/pg_shadow.h>
 #include <libpq/crypt.h>
 #include <access/heapam.h>
 #include <access/xact.h>
@@ -38,7 +38,7 @@ static void CheckPgUserAclNotNull(void);
 /*---------------------------------------------------------------------
  * UpdatePgPwdFile
  *
- * copy the modified contents of pg_user to a file used by the postmaster
+ * copy the modified contents of pg_shadow to a file used by the postmaster
  * for user authentication.  The file is stored as $PGDATA/pg_pwd.
  *---------------------------------------------------------------------
  */
@@ -56,11 +56,11 @@ void UpdatePgPwdFile(char* sql) {
   tempname = (char*)malloc(strlen(filename) + 12);
   sprintf(tempname, "%s.%d", filename, MyProcPid);
 
-  /* Copy the contents of pg_user to the pg_pwd ASCII file using a the SEPCHAR
+  /* Copy the contents of pg_shadow to the pg_pwd ASCII file using a the SEPCHAR
    * character as the delimiter between fields.  Then rename the file to its
    * final name.
    */
-  sprintf(sql, "copy %s to '%s' using delimiters %s", UserRelationName, tempname, CRYPT_PWD_FILE_SEPCHAR);
+  sprintf(sql, "copy %s to '%s' using delimiters %s", ShadowRelationName, tempname, CRYPT_PWD_FILE_SEPCHAR);
   pg_exec_query(sql, (char**)NULL, (Oid*)NULL, 0);
   rename(tempname, filename);
   free((void*)tempname);
@@ -76,15 +76,15 @@ void UpdatePgPwdFile(char* sql) {
 /*---------------------------------------------------------------------
  * DefineUser
  *
- * Add the user to the pg_user relation, and if specified make sure the
+ * Add the user to the pg_shadow relation, and if specified make sure the
  * user is specified in the desired groups of defined in pg_group.
  *---------------------------------------------------------------------
  */
 void DefineUser(CreateUserStmt *stmt) {
 
   char*            pg_user;
-  Relation         pg_user_rel;
-  TupleDesc        pg_user_dsc;
+  Relation         pg_shadow_rel;
+  TupleDesc        pg_shadow_dsc;
   HeapScanDesc     scan;
   HeapTuple        tuple;
   Datum            datum;
@@ -101,34 +101,34 @@ void DefineUser(CreateUserStmt *stmt) {
   if (!(inblock = IsTransactionBlock()))
     BeginTransactionBlock();
 
-  /* Make sure the user attempting to create a user can insert into the pg_user
+  /* Make sure the user attempting to create a user can insert into the pg_shadow
    * relation.
    */
   pg_user = GetPgUserName();
-  if (pg_aclcheck(UserRelationName, pg_user, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK) {
+  if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK) {
     UserAbortTransactionBlock();
     elog(ERROR, "defineUser: user \"%s\" does not have SELECT and INSERT privilege for \"%s\"",
-               pg_user, UserRelationName);
+               pg_user, ShadowRelationName);
     return;
   }
 
-  /* Scan the pg_user relation to be certain the user doesn't already exist.
+  /* Scan the pg_shadow relation to be certain the user doesn't already exist.
    */
-  pg_user_rel = heap_openr(UserRelationName);
-  pg_user_dsc = RelationGetTupleDescriptor(pg_user_rel);
-  /* Secure a write lock on pg_user so we can be sure of what the next usesysid
+  pg_shadow_rel = heap_openr(ShadowRelationName);
+  pg_shadow_dsc = RelationGetTupleDescriptor(pg_shadow_rel);
+  /* Secure a write lock on pg_shadow so we can be sure of what the next usesysid
    * should be.
    */
-  RelationSetLockForWrite(pg_user_rel);
+  RelationSetLockForWrite(pg_shadow_rel);
 
-  scan = heap_beginscan(pg_user_rel, false, false, 0, NULL);
+  scan = heap_beginscan(pg_shadow_rel, false, false, 0, NULL);
   while (HeapTupleIsValid(tuple = heap_getnext(scan, 0, &buffer))) {
-    datum = heap_getattr(tuple, Anum_pg_user_usename, pg_user_dsc, &n);
+    datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_shadow_dsc, &n);
 
     if (!exists && !strncmp((char*)datum, stmt->user, strlen(stmt->user)))
       exists = true;
 
-    datum = heap_getattr(tuple, Anum_pg_user_usesysid, pg_user_dsc, &n);
+    datum = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &n);
     if ((int)datum > max_id)
       max_id = (int)datum;
 
@@ -137,8 +137,8 @@ void DefineUser(CreateUserStmt *stmt) {
   heap_endscan(scan);
 
   if (exists) {
-    RelationUnsetLockForWrite(pg_user_rel);
-    heap_close(pg_user_rel);
+    RelationUnsetLockForWrite(pg_shadow_rel);
+    heap_close(pg_shadow_rel);
     UserAbortTransactionBlock();
     elog(ERROR, "defineUser: user \"%s\" has already been created", stmt->user);
     return;
@@ -146,7 +146,7 @@ void DefineUser(CreateUserStmt *stmt) {
 
   /* Build the insert statment to be executed.
    */
-  sprintf(sql, "insert into %s(usename,usesysid,usecreatedb,usetrace,usesuper,usecatupd,passwd", UserRelationName);
+  sprintf(sql, "insert into %s(usename,usesysid,usecreatedb,usetrace,usesuper,usecatupd,passwd", ShadowRelationName);
 /*  if (stmt->password)
     strcat(sql, ",passwd"); -- removed so that insert empty string when no password */
   if (stmt->validUntil)
@@ -186,8 +186,8 @@ void DefineUser(CreateUserStmt *stmt) {
   /* This goes after the UpdatePgPwdFile to be certain that two backends to not
    * attempt to write to the pg_pwd file at the same time.
    */
-  RelationUnsetLockForWrite(pg_user_rel);
-  heap_close(pg_user_rel);
+  RelationUnsetLockForWrite(pg_shadow_rel);
+  heap_close(pg_shadow_rel);
 
   if (IsTransactionBlock() && !inblock)
     EndTransactionBlock();
@@ -197,8 +197,8 @@ void DefineUser(CreateUserStmt *stmt) {
 extern void AlterUser(AlterUserStmt *stmt) {
 
   char*            pg_user;
-  Relation         pg_user_rel;
-  TupleDesc        pg_user_dsc;
+  Relation         pg_shadow_rel;
+  TupleDesc        pg_shadow_dsc;
   HeapScanDesc     scan;
   HeapTuple        tuple;
   Datum            datum;
@@ -214,29 +214,29 @@ extern void AlterUser(AlterUserStmt *stmt) {
   if (!(inblock = IsTransactionBlock()))
     BeginTransactionBlock();
 
-  /* Make sure the user attempting to create a user can insert into the pg_user
+  /* Make sure the user attempting to create a user can insert into the pg_shadow
    * relation.
    */
   pg_user = GetPgUserName();
-  if (pg_aclcheck(UserRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK) {
+  if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK) {
     UserAbortTransactionBlock();
     elog(ERROR, "alterUser: user \"%s\" does not have SELECT and UPDATE privilege for \"%s\"",
-               pg_user, UserRelationName);
+               pg_user, ShadowRelationName);
     return;
   }
 
-  /* Scan the pg_user relation to be certain the user exists.
+  /* Scan the pg_shadow relation to be certain the user exists.
    */
-  pg_user_rel = heap_openr(UserRelationName);
-  pg_user_dsc = RelationGetTupleDescriptor(pg_user_rel);
-  /* Secure a write lock on pg_user so we can be sure that when the dump of
+  pg_shadow_rel = heap_openr(ShadowRelationName);
+  pg_shadow_dsc = RelationGetTupleDescriptor(pg_shadow_rel);
+  /* Secure a write lock on pg_shadow so we can be sure that when the dump of
    * the pg_pwd file is done, there is not another backend doing the same.
    */
-  RelationSetLockForWrite(pg_user_rel);
+  RelationSetLockForWrite(pg_shadow_rel);
 
-  scan = heap_beginscan(pg_user_rel, false, false, 0, NULL);
+  scan = heap_beginscan(pg_shadow_rel, false, false, 0, NULL);
   while (HeapTupleIsValid(tuple = heap_getnext(scan, 0, &buffer))) {
-    datum = heap_getattr(tuple, Anum_pg_user_usename, pg_user_dsc, &n);
+    datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_shadow_dsc, &n);
 
     if (!strncmp((char*)datum, stmt->user, strlen(stmt->user))) {
       exists = true;
@@ -247,8 +247,8 @@ extern void AlterUser(AlterUserStmt *stmt) {
   heap_endscan(scan);
 
   if (!exists) {
-    RelationUnsetLockForWrite(pg_user_rel);
-    heap_close(pg_user_rel);
+    RelationUnsetLockForWrite(pg_shadow_rel);
+    heap_close(pg_shadow_rel);
     UserAbortTransactionBlock();
     elog(ERROR, "alterUser: user \"%s\" does not exist", stmt->user);
     return;
@@ -256,7 +256,7 @@ extern void AlterUser(AlterUserStmt *stmt) {
 
   /* Create the update statement to modify the user.
    */
-  sprintf(sql, "update %s set", UserRelationName);
+  sprintf(sql, "update %s set", ShadowRelationName);
   sql_end = sql;
   if (stmt->password) {
     sql_end += strlen(sql_end);
@@ -296,8 +296,8 @@ extern void AlterUser(AlterUserStmt *stmt) {
 
   UpdatePgPwdFile(sql);
 
-  RelationUnsetLockForWrite(pg_user_rel);
-  heap_close(pg_user_rel);
+  RelationUnsetLockForWrite(pg_shadow_rel);
+  heap_close(pg_shadow_rel);
 
   if (IsTransactionBlock() && !inblock)
     EndTransactionBlock();
@@ -307,7 +307,7 @@ extern void AlterUser(AlterUserStmt *stmt) {
 extern void RemoveUser(char* user) {
 
   char*            pg_user;
-  Relation         pg_user_rel,
+  Relation         pg_shadow_rel,
                    pg_rel;
   TupleDesc        pg_dsc;
   HeapScanDesc     scan;
@@ -324,33 +324,33 @@ extern void RemoveUser(char* user) {
   if (!(inblock = IsTransactionBlock()))
     BeginTransactionBlock();
 
-  /* Make sure the user attempting to create a user can delete from the pg_user
+  /* Make sure the user attempting to create a user can delete from the pg_shadow
    * relation.
    */
   pg_user = GetPgUserName();
-  if (pg_aclcheck(UserRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK) {
+  if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK) {
     UserAbortTransactionBlock();
     elog(ERROR, "removeUser: user \"%s\" does not have SELECT and DELETE privilege for \"%s\"",
-               pg_user, UserRelationName);
+               pg_user, ShadowRelationName);
     return;
   }
 
-  /* Perform a scan of the pg_user relation to find the usesysid of the user to
+  /* Perform a scan of the pg_shadow relation to find the usesysid of the user to
    * be deleted.  If it is not found, then return a warning message.
    */
-  pg_user_rel = heap_openr(UserRelationName);
-  pg_dsc = RelationGetTupleDescriptor(pg_user_rel);
-  /* Secure a write lock on pg_user so we can be sure that when the dump of
+  pg_shadow_rel = heap_openr(ShadowRelationName);
+  pg_dsc = RelationGetTupleDescriptor(pg_shadow_rel);
+  /* Secure a write lock on pg_shadow so we can be sure that when the dump of
    * the pg_pwd file is done, there is not another backend doing the same.
    */
-  RelationSetLockForWrite(pg_user_rel);
+  RelationSetLockForWrite(pg_shadow_rel);
 
-  scan = heap_beginscan(pg_user_rel, false, false, 0, NULL);
+  scan = heap_beginscan(pg_shadow_rel, false, false, 0, NULL);
   while (HeapTupleIsValid(tuple = heap_getnext(scan, 0, &buffer))) {
-    datum = heap_getattr(tuple, Anum_pg_user_usename, pg_dsc, &n);
+    datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_dsc, &n);
 
     if (!strncmp((char*)datum, user, strlen(user))) {
-      usesysid = (int)heap_getattr(tuple, Anum_pg_user_usesysid, pg_dsc, &n);
+      usesysid = (int)heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_dsc, &n);
       ReleaseBuffer(buffer);
       break;
     }
@@ -359,8 +359,8 @@ extern void RemoveUser(char* user) {
   heap_endscan(scan);
 
   if (usesysid == -1) {
-    RelationUnsetLockForWrite(pg_user_rel);
-    heap_close(pg_user_rel);
+    RelationUnsetLockForWrite(pg_shadow_rel);
+    heap_close(pg_shadow_rel);
     UserAbortTransactionBlock();
     elog(ERROR, "removeUser: user \"%s\" does not exist", user);
     return;
@@ -399,8 +399,8 @@ extern void RemoveUser(char* user) {
   if (dbase)
     free((void*)dbase);
 
-  /* Since pg_user is global over all databases, one of two things must be done
-   * to insure complete consistency.  First, pg_user could be made non-global.
+  /* Since pg_shadow is global over all databases, one of two things must be done
+   * to insure complete consistency.  First, pg_shadow could be made non-global.
    * This would elminate the code above for deleting database and would require
    * the addition of code to delete tables, views, etc owned by the user.
    *
@@ -414,15 +414,15 @@ extern void RemoveUser(char* user) {
    *
    */
 
-  /* Remove the user from the pg_user table
+  /* Remove the user from the pg_shadow table
    */
-  sprintf(sql, "delete from %s where usename = '%s'", UserRelationName, user);
+  sprintf(sql, "delete from %s where usename = '%s'", ShadowRelationName, user);
   pg_exec_query(sql, (char**)NULL, (Oid*)NULL, 0);
 
   UpdatePgPwdFile(sql);
 
-  RelationUnsetLockForWrite(pg_user_rel);
-  heap_close(pg_user_rel);
+  RelationUnsetLockForWrite(pg_shadow_rel);
+  heap_close(pg_shadow_rel);
 
   if (IsTransactionBlock() && !inblock)
     EndTransactionBlock();
@@ -431,25 +431,25 @@ extern void RemoveUser(char* user) {
 /*
  * CheckPgUserAclNotNull
  *
- * check to see if there is an ACL on pg_user
+ * check to see if there is an ACL on pg_shadow
  */
 static void CheckPgUserAclNotNull()
 {
 HeapTuple htp;
 
-	htp = SearchSysCacheTuple(RELNAME, PointerGetDatum(UserRelationName),
+	htp = SearchSysCacheTuple(RELNAME, PointerGetDatum(ShadowRelationName),
 							  0, 0, 0);
 	if (!HeapTupleIsValid(htp))
 	{
 		elog(ERROR, "IsPgUserAclNull: class \"%s\" not found",
-			 UserRelationName);
+			 ShadowRelationName);
 	}
 
 	if (heap_attisnull(htp, Anum_pg_class_relacl))
 	{
-		elog(NOTICE, "To use passwords, you have to revoke permissions on pg_user");
+		elog(NOTICE, "To use passwords, you have to revoke permissions on pg_shadow");
 		elog(NOTICE, "so normal users can not read the passwords.");
-		elog(ERROR, "Try 'REVOKE ALL ON pg_user FROM PUBLIC'");
+		elog(ERROR, "Try 'REVOKE ALL ON pg_shadow FROM PUBLIC'");
 	}
 	
 	return;
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index be29eff5a8..2ea1f703cc 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.25 1998/01/31 20:12:06 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.26 1998/02/25 13:06:49 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -605,7 +605,7 @@ static void readPasswordPacket(char *arg, PacketLen len, char *pkt)
 
 /*
  * Use the local flat password file if clear passwords are used and the file is
- * specified.  Otherwise use the password in the pg_user table, encrypted or
+ * specified.  Otherwise use the password in the pg_shadow table, encrypted or
  * not.
  */
 
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index dbda5e3e2b..e6d3a7cf43 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -1,7 +1,7 @@
 /*-------------------------------------------------------------------------
  *
  * crypt.c--
- *        Look into pg_user and check the encrypted password with the one
+ *        Look into pg_shadow and check the encrypted password with the one
  *        passed in from the frontend.
  *
  * Modification History
@@ -119,7 +119,7 @@ void crypt_loadpwdfile() {
 
   /* We want to delete the flag file before reading the contents of the pg_pwd
    * file.  If result == 0 then the unlink of the reload file was successful.
-   * This means that a backend performed a COPY of the pg_user file to
+   * This means that a backend performed a COPY of the pg_shadow file to
    * pg_pwd.  Therefore we must now do a reload.
    */
   if (!pwd_cache || !result) {
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 76a491c96d..2c932b2e51 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.4 1998/02/18 07:25:57 thomas Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.5 1998/02/25 13:07:08 scrappy Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -88,7 +88,7 @@ Oid	param_type(int t); /* used in parse_expr.c */
 	char				chr;
 	char				*str;
 	bool				boolean;
-	bool*				pboolean;	/* for pg_user privileges */
+	bool*				pboolean;	/* for pg_shadow privileges */
 	List				*list;
 	Node				*node;
 	Value				*value;
diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c
index 1191507685..b38949fba4 100644
--- a/src/backend/rewrite/rewriteHandler.c
+++ b/src/backend/rewrite/rewriteHandler.c
@@ -6,7 +6,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteHandler.c,v 1.12 1998/02/21 06:31:57 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteHandler.c,v 1.13 1998/02/25 13:07:18 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -32,7 +32,7 @@
 
 #include "utils/syscache.h"
 #include "utils/acl.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 
 static void ApplyRetrieveRule(Query *parsetree, RewriteRule *rule,
 				  int rt_index, int relation_level,
@@ -827,7 +827,7 @@ CheckViewPerms(Relation view, List *rtable)
 						view->rd_rel->relowner);
 	}
 	StrNCpy(uname.data,
-			((Form_pg_user) GETSTRUCT(utup))->usename.data,
+			((Form_pg_shadow) GETSTRUCT(utup))->usename.data,
 			NAMEDATALEN);
 
 	/*
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index afc4075de0..62a977b3fe 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.25 1998/02/24 03:31:47 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.26 1998/02/25 13:07:43 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -19,7 +19,7 @@
 #include "utils/acl.h"
 #include "utils/syscache.h"
 #include "catalog/catalog.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "miscadmin.h"
 
 static char *getid(char *s, char *n);
@@ -158,7 +158,7 @@ aclparse(char *s, AclItem *aip, unsigned *modechg)
 									  0, 0, 0);
 			if (!HeapTupleIsValid(htp))
 				elog(ERROR, "aclparse: non-existent user \"%s\"", name);
-			aip->ai_id = ((Form_pg_user) GETSTRUCT(htp))->usesysid;
+			aip->ai_id = ((Form_pg_shadow) GETSTRUCT(htp))->usesysid;
 			break;
 		case ACL_IDTYPE_GID:
 			aip->ai_id = get_grosysid(name);
@@ -285,7 +285,7 @@ aclitemout(AclItem *aip)
 				pfree(tmp);
 			}
 			else
-				strncat(p, (char *) &((Form_pg_user)
+				strncat(p, (char *) &((Form_pg_shadow)
 									  GETSTRUCT(htp))->usename,
 						sizeof(NameData));
 			break;
diff --git a/src/backend/utils/cache/syscache.c b/src/backend/utils/cache/syscache.c
index e1b01f735b..6f028de93a 100644
--- a/src/backend/utils/cache/syscache.c
+++ b/src/backend/utils/cache/syscache.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/cache/syscache.c,v 1.14 1998/02/11 19:12:49 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/cache/syscache.c,v 1.15 1998/02/25 13:07:50 scrappy Exp $
  *
  * NOTES
  *	  These routines allow the parser/planner/executor to perform
@@ -48,7 +48,7 @@
 #include "catalog/pg_type.h"
 #include "catalog/pg_rewrite.h"
 #include "catalog/pg_aggregate.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "storage/large_object.h"
 #include "catalog/pg_listener.h"
 
@@ -254,22 +254,22 @@ static struct cachedesc cacheinfo[] = {
 		sizeof(FormData_pg_listener),
 		NULL,
 	(ScanFunc) NULL},
-	{UserRelationName,			/* USENAME */
+	{ShadowRelationName,			/* USENAME */
 		1,
-		{Anum_pg_user_usename,
+		{Anum_pg_shadow_usename,
 			0,
 			0,
 		0},
-		sizeof(FormData_pg_user),
+		sizeof(FormData_pg_shadow),
 		NULL,
 	(ScanFunc) NULL},
-	{UserRelationName,			/* USESYSID */
+	{ShadowRelationName,			/* USESYSID */
 		1,
-		{Anum_pg_user_usesysid,
+		{Anum_pg_shadow_usesysid,
 			0,
 			0,
 		0},
-		sizeof(FormData_pg_user),
+		sizeof(FormData_pg_shadow),
 		NULL,
 	(ScanFunc) NULL},
 	{GroupRelationName,			/* GRONAME */
diff --git a/src/backend/utils/init/globals.c b/src/backend/utils/init/globals.c
index 71ccc417fe..7d11867688 100644
--- a/src/backend/utils/init/globals.c
+++ b/src/backend/utils/init/globals.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/init/globals.c,v 1.19 1998/01/26 01:41:42 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/init/globals.c,v 1.20 1998/02/25 13:08:00 scrappy Exp $
  *
  * NOTES
  *	  Globals used all over the place should be declared here and not
@@ -110,7 +110,7 @@ char	   *SharedSystemRelationNames[] = {
 	DatabaseRelationName,
 	GroupRelationName,
 	LogRelationName,
-	UserRelationName,
+	ShadowRelationName,
 	VariableRelationName,
 	0
 };
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
index 9bc13907dc..359adfb25b 100644
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.10 1998/02/24 15:20:16 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.11 1998/02/25 13:08:09 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -32,7 +32,7 @@
 #include "miscadmin.h"			/* where the declarations go */
 
 #include "catalog/catname.h"
-#include "catalog/pg_user.h"
+#include "catalog/pg_shadow.h"
 #include "catalog/pg_proc.h"
 #include "utils/syscache.h"
 
@@ -483,6 +483,6 @@ SetUserId()
 	if (!HeapTupleIsValid(userTup))
 		elog(FATAL, "SetUserId: user \"%s\" is not in \"%s\"",
 			 userName,
-			 UserRelationName);
-	UserId = (Oid) ((Form_pg_user) GETSTRUCT(userTup))->usesysid;
+			 ShadowRelationName);
+	UserId = (Oid) ((Form_pg_shadow) GETSTRUCT(userTup))->usesysid;
 }
diff --git a/src/backend/utils/misc/superuser.c b/src/backend/utils/misc/superuser.c
index bfc6efdeae..c2af5a182a 100644
--- a/src/backend/utils/misc/superuser.c
+++ b/src/backend/utils/misc/superuser.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.4 1997/09/08 02:32:00 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.5 1998/02/25 13:08:23 scrappy Exp $
  *
  * DESCRIPTION
  *	  See superuser().
@@ -17,7 +17,7 @@
 
 #include <postgres.h>
 #include <utils/syscache.h>
-#include <catalog/pg_user.h>
+#include <catalog/pg_shadow.h>
 
 bool
 superuser(void)
@@ -33,5 +33,5 @@ superuser(void)
 	utup = SearchSysCacheTuple(USENAME, PointerGetDatum(UserName),
 							   0, 0, 0);
 	Assert(utup != NULL);
-	return ((Form_pg_user) GETSTRUCT(utup))->usesuper;
+	return ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
 }
diff --git a/src/bin/createuser/createuser.sh b/src/bin/createuser/createuser.sh
index 3914901810..ea510a61ee 100644
--- a/src/bin/createuser/createuser.sh
+++ b/src/bin/createuser/createuser.sh
@@ -8,7 +8,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/createuser/Attic/createuser.sh,v 1.8 1997/05/07 02:59:46 scrappy Exp $
+#    $Header: /cvsroot/pgsql/src/bin/createuser/Attic/createuser.sh,v 1.9 1998/02/25 13:08:37 scrappy Exp $
 #
 # Note - this should NOT be setuid.
 #
@@ -203,7 +203,7 @@ else
     CANADDUSER=f
 fi
 
-QUERY="insert into pg_user \
+QUERY="insert into pg_shadow \
         (usename, usesysid, usecreatedb, usetrace, usesuper, usecatupd) \
        values \
          ('$NEWUSER', $SYSID, '$CANCREATE', 't', '$CANADDUSER','t')"
diff --git a/src/bin/destroyuser/destroyuser.sh b/src/bin/destroyuser/destroyuser.sh
index ec32912827..fb5bcaeedd 100644
--- a/src/bin/destroyuser/destroyuser.sh
+++ b/src/bin/destroyuser/destroyuser.sh
@@ -8,7 +8,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/destroyuser/Attic/destroyuser.sh,v 1.7 1997/05/07 02:59:52 scrappy Exp $
+#    $Header: /cvsroot/pgsql/src/bin/destroyuser/Attic/destroyuser.sh,v 1.8 1998/02/25 13:08:55 scrappy Exp $
 #
 # Note - this should NOT be setuid.
 #
@@ -182,7 +182,7 @@ then
     done
 fi
 
-QUERY="delete from pg_user where usename = '$DELUSER'"
+QUERY="delete from pg_shadow where usename = '$DELUSER'"
 
 $PSQL -c "$QUERY" template1
 if [ $? -ne 0 ]
diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh
index c75a090b48..423491975d 100644
--- a/src/bin/initdb/initdb.sh
+++ b/src/bin/initdb/initdb.sh
@@ -26,7 +26,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.36 1998/02/23 20:32:40 scrappy Exp $
+#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.37 1998/02/25 13:09:02 scrappy Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -351,21 +351,32 @@ echo "vacuuming template1"
 echo "vacuum" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "^DEBUG:"
 
-echo "COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'" |\
+echo "COPY pg_shadow TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'" |\
 	postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "'DEBUG:"
 
-echo "GRANT SELECT ON pg_class TO PUBLIC" |\
-	 postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
-
-echo "CREATE RULE pg_user_hide_pw as on SELECT to pg_user.passwd DO INSTEAD SELECT '********' as passwd;" | \
+echo "creating public pg_user view"
+echo "CREATE TABLE xpg_user (		\
+	    usename	name,		\
+	    usesysid	int4,		\
+	    usecreatedb	bool,		\
+	    usetrace	bool,		\
+	    usesuper	bool,		\
+	    usecatupd	bool,		\
+	    passwd		text,		\
+	    valuntil	abstime);" |\
 	postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "'DEBUG:"
-
-echo "create view db_user as select * from pg_user;" |\
+echo "UPDATE pg_class SET relname = 'pg_user' WHERE relname = 'xpg_user';" |\
 	postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "'DEBUG:"
-echo "grant select on db_user to public" |\
+echo "CREATE RULE _RETpg_user AS ON SELECT TO pg_user DO INSTEAD	\
+	    SELECT usename, usesysid, usecreatedb, usetrace,		\
+	           usesuper, usecatupd, '********'::text as passwd,	\
+		   valuntil FROM pg_shadow;" |\
+	postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
+	grep -v "'DEBUG:"
+echo "REVOKE ALL on pg_shadow FROM public" |\
 	postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "'DEBUG:"
 
diff --git a/src/include/catalog/catname.h b/src/include/catalog/catname.h
index 4b1b082885..04d1696d76 100644
--- a/src/include/catalog/catname.h
+++ b/src/include/catalog/catname.h
@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: catname.h,v 1.8 1997/11/15 20:57:38 momjian Exp $
+ * $Id: catname.h,v 1.9 1998/02/25 13:09:21 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -35,9 +35,9 @@
 #define  ProcedureRelationName "pg_proc"
 #define  RelationRelationName "pg_class"
 #define  RewriteRelationName "pg_rewrite"
+#define  ShadowRelationName "pg_shadow"
 #define  StatisticRelationName "pg_statistic"
 #define  TypeRelationName "pg_type"
-#define  UserRelationName "pg_user"
 #define  VariableRelationName "pg_variable"
 #define  VersionRelationName "pg_version"
 #define  AttrDefaultRelationName "pg_attrdef"
diff --git a/src/include/catalog/pg_attribute.h b/src/include/catalog/pg_attribute.h
index 5dd861f9aa..2fc383a50c 100644
--- a/src/include/catalog/pg_attribute.h
+++ b/src/include/catalog/pg_attribute.h
@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_attribute.h,v 1.28 1998/02/13 19:46:09 momjian Exp $
+ * $Id: pg_attribute.h,v 1.29 1998/02/25 13:09:24 scrappy Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -275,7 +275,7 @@ DATA(insert OID = 0 ( 1255 xmax				28 0  4  -5 0 -1 -1 f f i f f));
 DATA(insert OID = 0 ( 1255 cmax				29 0  4  -6 0 -1 -1 t f i f f));
 
 /* ----------------
- *		pg_user
+ *		pg_shadow
  * ----------------
  */
 DATA(insert OID = 0 ( 1260 usename		19  0 NAMEDATALEN   1 0 -1 -1 f f i f f));
diff --git a/src/include/catalog/pg_class.h b/src/include/catalog/pg_class.h
index b70ceba2ce..0ff0eee91a 100644
--- a/src/include/catalog/pg_class.h
+++ b/src/include/catalog/pg_class.h
@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_class.h,v 1.18 1998/01/16 23:20:52 momjian Exp $
+ * $Id: pg_class.h,v 1.19 1998/02/25 13:09:25 scrappy Exp $
  *
  * NOTES
  *	  ``pg_relation'' is being replaced by ``pg_class''.  currently
@@ -125,7 +125,7 @@ DATA(insert OID = 1255 (  pg_proc 81		  PGUID 0 0 0 f f r 16 0 0 f _null_ ));
 DESCR("");
 DATA(insert OID = 1259 (  pg_class 83		  PGUID 0 0 0 f f r 14 0 0 f _null_ ));
 DESCR("");
-DATA(insert OID = 1260 (  pg_user 86		  PGUID 0 0 0 f t r 8  0 0 f _null_ ));
+DATA(insert OID = 1260 (  pg_shadow 86		  PGUID 0 0 0 f t r 8  0 0 f _null_ ));
 DESCR("");
 DATA(insert OID = 1261 (  pg_group 87		  PGUID 0 0 0 f t s 3  0 0 f _null_ ));
 DESCR("");
@@ -146,7 +146,7 @@ DESCR("");
 #define RelOid_pg_attribute		1249
 #define RelOid_pg_proc			1255
 #define RelOid_pg_class			1259
-#define RelOid_pg_user			1260
+#define RelOid_pg_shadow		1260
 #define RelOid_pg_group			1261
 #define RelOid_pg_database		1262
 #define RelOid_pg_variable		1264
diff --git a/src/include/catalog/pg_shadow.h b/src/include/catalog/pg_shadow.h
new file mode 100644
index 0000000000..67c0191a91
--- /dev/null
+++ b/src/include/catalog/pg_shadow.h
@@ -0,0 +1,105 @@
+/*-------------------------------------------------------------------------
+ *
+ * pg_shadow.h--
+ *	  definition of the system "shadow" relation (pg_shadow)
+ *	  along with the relation's initial contents.
+ *        pg_user is now a public accessible view on pg_shadow.
+ *
+ *
+ * Copyright (c) 1994, Regents of the University of California
+ *
+ * $Id: pg_shadow.h,v 1.1 1998/02/25 13:09:26 scrappy Exp $
+ *
+ * NOTES
+ *	  the genbki.sh script reads this file and generates .bki
+ *	  information from the DATA() statements.
+ *
+ *        WHENEVER the definition for pg_shadow changes, the
+ *        view creation of pg_user must be changed in initdb.sh!
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef PG_SHADOW_H
+#define PG_SHADOW_H
+
+
+/* Prototype required for superuser() from superuser.c */
+
+bool		superuser(void);
+
+/* ----------------
+ *		pg_shadow definition.  cpp turns this into
+ *		typedef struct FormData_pg_shadow
+ * ----------------
+ */
+CATALOG(pg_shadow) BOOTSTRAP
+{
+	NameData	usename;
+	int4		usesysid;
+	bool		usecreatedb;
+	bool		usetrace;
+	bool		usesuper;
+	bool		usecatupd;
+	text		passwd;
+	int4		valuntil;
+} FormData_pg_shadow;
+
+/* ----------------
+ *		Form_pg_shadow corresponds to a pointer to a tuple with
+ *		the format of pg_shadow relation.
+ * ----------------
+ */
+typedef FormData_pg_shadow *Form_pg_shadow;
+
+/* ----------------
+ *		compiler constants for pg_shadow
+ * ----------------
+ */
+#define Natts_pg_shadow				8
+#define Anum_pg_shadow_usename			1
+#define Anum_pg_shadow_usesysid			2
+#define Anum_pg_shadow_usecreatedb		3
+#define Anum_pg_shadow_usetrace			4
+#define Anum_pg_shadow_usesuper			5
+#define Anum_pg_shadow_usecatupd		6
+#define Anum_pg_shadow_passwd			7
+#define Anum_pg_shadow_valuntil			8
+
+/* ----------------
+ *		initial contents of pg_shadow
+ * ----------------
+ */
+DATA(insert OID = 0 ( postgres PGUID t t t t _null_ 2116994400 ));
+
+BKI_BEGIN
+#ifdef ALLOW_PG_GROUP
+BKI_END
+
+DATA(insert OID = 0 ( mike 799 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( mao 1806 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( hellers 1089 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( joey 5209 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( jolly 5443 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( sunita 6559 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( paxson 3029 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( marc 2435 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( jiangwu 6124 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( aoki 2360 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( avi 31080 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( kristin 1123 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( andrew 5229 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( nobuko 5493 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( hartzell 6676 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( devine 6724 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( boris 6396 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( sklower 354 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( marcel 31113 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( ginger 3692 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( woodruff 31026 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( searcher 8261 t t t t _null_ 2116994400 ));
+
+BKI_BEGIN
+#endif							/* ALLOW_PG_GROUP */
+BKI_END
+
+#endif							/* PG_SHADOW_H */
diff --git a/src/include/catalog/pg_type.h b/src/include/catalog/pg_type.h
index f3e68b9f37..49f8b10094 100644
--- a/src/include/catalog/pg_type.h
+++ b/src/include/catalog/pg_type.h
@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_type.h,v 1.33 1998/02/10 16:04:10 momjian Exp $
+ * $Id: pg_type.h,v 1.34 1998/02/25 13:09:27 scrappy Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -212,7 +212,7 @@ DATA(insert OID = 71 (	pg_type		 PGUID 1 1 t b t \054 1247 0 foo bar foo bar c _
 DATA(insert OID = 75 (	pg_attribute PGUID 1 1 t b t \054 1249 0 foo bar foo bar c _null_));
 DATA(insert OID = 81 (	pg_proc		 PGUID 1 1 t b t \054 1255 0 foo bar foo bar c _null_));
 DATA(insert OID = 83 (	pg_class	 PGUID 1 1 t b t \054 1259 0 foo bar foo bar c _null_));
-DATA(insert OID = 86 (	pg_user		 PGUID 1 1 t b t \054 1260 0 foo bar foo bar c _null_));
+DATA(insert OID = 86 (	pg_shadow	 PGUID 1 1 t b t \054 1260 0 foo bar foo bar c _null_));
 DATA(insert OID = 87 (	pg_group	 PGUID 1 1 t b t \054 1261 0 foo bar foo bar c _null_));
 DATA(insert OID = 88 (	pg_database  PGUID 1 1 t b t \054 1262 0 foo bar foo bar c _null_));
 DATA(insert OID = 90 (	pg_variable  PGUID 1 1 t b t \054 1264 0 foo bar foo bar c _null_));
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index d1dab54469..d4dd628613 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: acl.h,v 1.15 1998/02/24 03:31:50 scrappy Exp $
+ * $Id: acl.h,v 1.16 1998/02/25 13:09:49 scrappy Exp $
  *
  * NOTES
  *	  For backward-compatability purposes we have to allow there
@@ -39,7 +39,7 @@ typedef uint32 AclId;
 typedef uint8 AclIdType;
 
 #define ACL_IDTYPE_WORLD		0x00
-#define ACL_IDTYPE_UID			0x01	/* user id - from pg_user */
+#define ACL_IDTYPE_UID			0x01	/* user id - from pg_shadow */
 #define ACL_IDTYPE_GID			0x02	/* group id - from pg_group */
 
 /*