Re: No PUBLIC access by default?

From: "Guy Rouillier" <guyr(at)masergy(dot)com>
To: <pgsql-general(at)postgresql(dot)org>
Subject: Re: No PUBLIC access by default?
Date: 2005-08-11 21:56:08
Message-ID: CC1CF380F4D70844B01D45982E671B239E8A2D@mtxexch01.add0.masergy.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Peter Fein wrote:
> Hi all-
>
> Is there any way to disable PUBLIC access by default? When I create

You can revoke permissions from the public schema, and you can even
delete the public schema entirely. I did the first:

revoke create on schema public from public
revoke create on tablespace pg_default from public
revoke create on tablespace pg_global from public

If you do this while connect to template1, then all future databases
will have this set up at the time the database is created.

> a new object (table, function, etc.), it has no ACL, as expected.
> However, the first time I run:
>
> GRANT ALL ON FUNCTION foo() to GROUP developers;
>
> Postgress seems to do:
>
> GRANT ALL ON FUNCTION foo() to PUBLIC;
>
> I assume this is b/c no ACL is equivalent to PUBLIC access & this
> gets included when adding specific privileges.
>
> I want *no* PUBLIC access to anything by default for security
> reasons. Is there a way to prevent this behavior?
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
> http://archives.postgresql.org

--
Guy Rouillier

Browse pgsql-general by date

  From Date Subject
Next Message Christian Goetze 2005-08-11 21:59:17 Re: Upgrading 7.3.9 -> 7.4.8 - trouble with blobs
Previous Message Tom Lane 2005-08-11 21:52:05 Re: Upgrading 7.3.9 -> 7.4.8 - trouble with blobs