Hi hackers, While working with `initdb`, I noticed that passing an empty string to the `-U` option (e.g., `initdb -U ''`) causes it to fail with a misleading error:
performing post-bootstrap initialization ... 2025-07-01 19:48:42.006 PDT
[14888] FATAL: role """ does not exist at character 72
2025-07-01 19:48:42.006 PDT [14888] STATEMENT:
UPDATE pg_class SET relacl = (SELECT array_agg(a.acl) FROM (SELECT
E'=r/""' as acl UNION SELECT unnest(pg_catalog.acldefault( CASE WHEN
relkind = 'S' THEN 's' ELSE 'r' END::"char",10::oid)) ) as a) WHERE
relkind IN ('r', 'v', 'm', 'S') AND relacl IS NULL;
This happens because `initdb` accepts the empty string as a valid role name
and attempts to use it as the database superuser, which is not intended and
fails during bootstrap SQL.
I propose a small patch that treats an empty string passed to `-U` as if
the option was not provided at all — falling back to the current system
user, which is the documented and expected behavior when `-U` is omitted.
This change improves robustness and avoids confusing failure messages due
to user input that is technically invalid but easy to produce (e.g., via
scripting or argument quoting issues).
### Patch summary:
- Checks if the passed `username` is non-null but empty (`'\0'`)
- Replaces it with the effective system user in that case
- Keeps the logic consistent with the existing behavior when `-U` is omitted
Let me know if this approach seems reasonable or if you’d prefer we
explicitly reject empty usernames with an error instead.
Patch attached.
Best regards,
Jianghua Yang
0001-initdb-Treat-empty-U-argument-as-unset-username.patch
Description: Binary data
