From: | Peter Fein <pfein(at)pobox(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: No PUBLIC access by default? |
Date: | 2005-08-12 13:34:23 |
Message-ID: | 42FCA55F.4060406@pobox.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Tom Lane wrote:
> Peter Fein <pfein(at)pobox(dot)com> writes:
>
>>If I read my ACL's correctly, =UC/postgres means full access for PUBLIC.
>> Why is that happening?
>
>
> Because that's the way it's set up in template1. CREATE DATABASE just
> copies the source database, it doesn't editorialize on the contents
> thereof.
Ok. ;) A little further investigation revealed that template0 gives the
same result. It's potentially confusing that template0 is initialized
this way - I couldn't find any indication of such in the manual. In
fact, from CREATE DATABASE:
In particular, by writing TEMPLATE template0, you can create a virgin
database containing only the standard objects predefined by your version
of PostgreSQL.
I guess I'm just surprised that template0 would have *any* ACLs set
(aside from those needed by system catalogs, etc.). It seems to be
favoring convenience by default instead of security by default.
--
Peter Fein pfein(at)pobox(dot)com 773-575-0694
Basically, if you're not a utopianist, you're a schmuck. -J. Feldman
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-08-12 13:37:43 | Re: Access NEW and OLD from function called by a rule |
Previous Message | Ulrich Wisser | 2005-08-12 13:13:18 | vacuum error "left link changed unexpectedly" |