logo       
<prev   next>

Re: Default privileges for new databases (was Re: Can't: msg#01926

Subject: Re: Default privileges for new databases (was Re: Can't 
Mostly because a user may explicitly create a database with wanted
permissions, only to have this 'special code' remove them.

I personally intend to immediately revoke permissions on public in
template1, to allow the database owner to grant them as needed.

On Mon, 2002-08-26 at 22:27, Bruce Momjian wrote:
> 
> Sorry, I am confused.  Why can we modify temp's permissions on CREATE
> DATABASE but not public's permissions?
> 
> ---------------------------------------------------------------------------
> 
> Tom Lane wrote:
> > Bruce Momjian <pgman@xxxxxxxxxxxxxxxx> writes:
> > > Have we addressed this?  I don't think so.
> > 
> > No, it's not done yet.  My inclination is
> > 
> > * Template1 has temp table creation and schema creation disabled
> > (disallowed to world) by default.
> > 
> > * CREATE DATABASE sets up new databases with temp table creation allowed
> > to world and schema creation allowed to DB owner only (regardless of
> > what the template database had).  The owner can adjust this default
> > afterwards if he doesn't like it.
> > 
> > It would be nice to lock down the public schema in template1 too, but I
> > see no good way to do that, because CREATE DATABASE can't readily fiddle
> > with protections *inside* the database --- the only games we can play
> > are with the protections stored in the pg_database row itself.  So
> > public's permissions are going to be inherited from the template
> > database, and that means template1's public has to be writable.
> > 
> > Objections anyone?
> > 
> >                     regards, tom lane
> > 
> > ---------------------------(end of broadcast)---------------------------
> > TIP 2: you can get off all lists at once with the unregister command
> >     (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)
> > 
> 
> -- 
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@xxxxxxxxxxxxxxxx               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
> 
> http://archives.postgresql.org
> 



---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/users-lounge/docs/faq.html
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ident-des patches, Bruce Momjian
Next by Date:  Re: Default privileges for new databases (was Re: Can't, Bruce Momjian
Previous by Thread:  Re: Default privileges for new databases (was Re: Can't import, Bruce Momjian
Next by Thread:  Re: Default privileges for new databases (was Re: Can't, Bruce Momjian
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
web.pylons.gene...    hurd.l4/2002-10...    kernel.commits....    user-groups.lin...    yellowdog.gener...    java.drools.use...    security.openva...    package-managem...    linux.debian.us...    qnx.openqnx.dev...    genealogy.gramp...    file-systems.if...    voip.wengophone...    tex.context/200...    ietf.smime/2003...    audio.csound.de...    culture.region....    xfree86.devel/2...    mobile.kannel.u...    distributed.con...    education.engli...    org.user-groups...    bug-tracking.gn...    recreation.bicy...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe