Re: No PUBLIC access by default?

From: Peter Fein <pfein(at)pobox(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, pgsql-general(at)postgresql(dot)org
Subject: Re: No PUBLIC access by default?
Date: 2005-08-12 13:34:23
Message-ID: 42FCA55F.4060406@pobox.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Tom Lane wrote:
> Peter Fein <pfein(at)pobox(dot)com> writes:
>
>>If I read my ACL's correctly, =UC/postgres means full access for PUBLIC.
>> Why is that happening?
>
>
> Because that's the way it's set up in template1. CREATE DATABASE just
> copies the source database, it doesn't editorialize on the contents
> thereof.

Ok. ;) A little further investigation revealed that template0 gives the
same result. It's potentially confusing that template0 is initialized
this way - I couldn't find any indication of such in the manual. In
fact, from CREATE DATABASE:

In particular, by writing TEMPLATE template0, you can create a virgin
database containing only the standard objects predefined by your version
of PostgreSQL.

I guess I'm just surprised that template0 would have *any* ACLs set
(aside from those needed by system catalogs, etc.). It seems to be
favoring convenience by default instead of security by default.

--
Peter Fein pfein(at)pobox(dot)com 773-575-0694

Basically, if you're not a utopianist, you're a schmuck. -J. Feldman

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2005-08-12 13:37:43 Re: Access NEW and OLD from function called by a rule
Previous Message Ulrich Wisser 2005-08-12 13:13:18 vacuum error "left link changed unexpectedly"