dropuser

Prompt for confirmation and the username before user removal

$ dropuser [[-i|--interactive]]

$ dropuser [username]

$ dropuser --if-exists [username]

$ dropuser [[-h|--host]] 127.0.0.1 [[-p|--port]] 4321 [username]

$ dropuser [[-U|--username]] admin [[-h|--host]] 127.0.0.1 [[-p|--port]] 4321 [username]

dropuser [connection-option...] [option...] [username]

-h hostname, --host=hostname
    Specifies the host name of the machine on which the database server is running. If the value starts with a slash, it is used as the directory for the Unix domain socket.

-p port, --port=port
    Specifies the TCP port or local Unix domain socket file extension on which the server is listening for connections.

-U username, --username=username
    User name to connect as. This user must typically have superuser privileges to drop other users.

-w, --no-password
    Never issue a password prompt. If the server requires password authentication and a password is not available by other means (e.g., .pgpass file), the connection attempt will fail.

-W, --password
    Force dropuser to prompt for a password before connecting to a database. This is typically not necessary because dropuser prompts automatically if the server requires password authentication.

-e, --echo
    Echo the SQL commands that dropuser generates and sends to the server. This can be useful for debugging or understanding the underlying operations.

-i, --interactive
    Prompt for confirmation before dropping the user. This is the default behavior if neither -e nor -w is specified.

--if-exists
    Do not throw an error if the user does not exist. A notice is issued in this case. This can be useful in scripts where you're unsure if a user might already be absent.

username
    The name of the PostgreSQL role (user) to be dropped. This is a mandatory argument.

The dropuser utility is a command-line wrapper for the SQL command DROP ROLE. It provides a convenient way to remove existing PostgreSQL roles (often referred to as 'users') from a database cluster without needing to interact directly with the psql interactive terminal. When invoked, dropuser connects to the specified PostgreSQL database (or the default 'postgres' database if none is specified) using the provided connection parameters and then executes the necessary SQL command to delete the user.

It's important to understand that dropuser only removes the role itself. It does not automatically reassign or delete any database objects (like tables, databases, or schemas) that were owned by the user being dropped. These objects will remain in the database but will be owned by the special `(no owner)` role, which can lead to administrative complications. Therefore, it is generally recommended to reassign ownership of all objects from the user to another role before dropping the user.

Dropping a user does not automatically reassign ownership of objects created by that user. Any objects (databases, tables, etc.) owned by the dropped user will remain in existence, but their ownership will be reset to `(no owner)`, potentially causing issues. It is crucial to reassign ownership of all objects to another role or drop them before dropping the user. Furthermore, the user being dropped cannot have any active connections to the database server. If the user owns a database, that database must be dropped or its ownership reassigned before the user can be dropped.

To successfully drop a user, the connecting user specified with -U (or inferred from environment variables) must have `CREATEROLE` privilege or be a superuser. For security reasons, regular users cannot drop other users or themselves.

Several environment variables can be used to specify default connection parameters, avoiding the need to use command-line options repeatedly:

• `PGHOST`: Default host name or IP address of the database server.
• `PGPORT`: Default port number.
• `PGUSER`: Default user name for connection.
• `PGPASSWORD`: Password for connection (caution: not recommended for security reasons; use .pgpass).
• `PGDATABASE`: Default database to connect to (if not specified, defaults to `PGUSER` or `postgres`).

dropuser is an integral part of the PostgreSQL client application suite, which has evolved alongside the PostgreSQL database system itself. PostgreSQL's origins trace back to the POSTGRES project at the University of California, Berkeley, in the mid-1980s. Utilities like dropuser were developed to provide command-line convenience for common administrative tasks, abstracting the raw SQL commands for database administrators and scripting purposes. It has been a standard utility for managing database roles for many versions, reflecting PostgreSQL's commitment to robust and accessible administrative tools.

createuser(1), psql(1), ALTER ROLE (SQL), DROP ROLE (SQL)