From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: public schema default ACL |
Date: | 2020-08-03 17:46:02 |
Message-ID: | c7c14ba9-702c-2b58-1c85-e1a4330c2016@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2020-08-03 15:46, Robert Haas wrote:
> However, if people are used to
> being able to deposit stuff in /usr/bin and you tell them that they
> now can't (because the permissions will henceforth be drwxr-xr-x or
> the directly won't exist at all) then some of them are going to
> complain. I don't know what to do about that: it's a straightforward
> trade-off between security and backward compatibility, and you can't
> have both.
File system conventions, permissions, and restrictions have been changed
many times in the history of Unix, Linux, and the like. Recent examples
are /usr/bin and /bin unification and that /tmp is changing to a
per-user mount. There are of course always a few complaints and some
breakage, but generally this has been going well and is usually
appreciated overall.
The important things in my mind are that you keep an easy onboarding
experience (you can do SQL things without having to create and unlock a
bunch of things first) and that advanced users can do the things they
want to do *somehow*.
As an example, per-user /tmp is not hardcoded into the kernel, it's just
a run-time configuration. If you want it to behave differently, you can
set that up.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Daniel Wood | 2020-08-03 18:06:17 | Re: Reduce/eliminate the impact of FPW |
Previous Message | Wolfgang Walther | 2020-08-03 17:44:53 | Re: Allow an alias to be attached directly to a JOIN ... USING |