Re: inconsistent owners in newly created databases?

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: inconsistent owners in newly created databases?
Date: 2004-05-06 12:06:10
Message-ID: Pine.LNX.4.58.0405061350280.9381@sablons.cri.ensmp.fr
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


Dear Greg,

> > I agree with the advantage.
> >
> > But I'm uneasy to know what a special owner would be, pratically speaking.
>
> Well I can't think of anywhere else in the code that would need this special
> case other than creating a database.

I disagree, there are consequences. That could be overcome, but I just
argue that is not "that" simple. For instance:

It means the default setup would have a new user entry for that purpose.
aclitem's are defined by refering to the user number for grantor and
possibly grantee.

It is unclear how the user could change the grantee/grantor of an entry
for that purpose. There is no simple sql interface to access or modify
aclitem entries, it is implemented down GRANT/REVOKE at the time.

Also, could the "special" account be used as a login?
If not, how to prevent it?

Moreover, I'm not convinced yet that this fine granularity of control is
actually required. Well, this opinion may change later!

The last good point is that this changes are quite independent from
putting a hook to modify the initial setup on the first connexion. Thus I
can go ahead about the hook, and think about this later. If this is seen
as useful, then that would just mean that "what is done" by the hook need
be updated.

Thanks for your point, have a nice day,

--
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2004-05-06 12:09:27 Re: SPI_fnumber is case sensitive
Previous Message Andrew Dunstan 2004-05-06 11:50:09 Re: Function to do runtime relative directory mapping