Jeff Davis <pgsql@j-davis.com> writes:
> If we allowed an admin to revoke CREATE from the pg_default tablespace,
> then anyone who needed that feature could limit people to their own
> tablespace (at which point it's the filesystem's job to limit their
> usage). Is there some reason that we can't do this now?
The reason it appears not to work now is that the code is deliberately
set up not to check permissions on the database's default tablespace, on
the theory that if you have regular CREATE permissions in the database
then you probably are supposed to be able to create things. However,
if you want to restrict someone to a filesystem-limited tablespace, you
can surely make that tablespace be the default for their database.
This would make the quota include system catalogs as well as "user"
tables, which seems to me a good idea anyway because it's not hard for a
user to bloat the system catalogs. (The fact that pg_largeobject is a
communal table makes per-user quotas useless for BLOB users already.)
Now if you want quota-limited users to share a database with
not-quota-limited users, this doesn't work too well. The non-limited
users can surely be set up with access to a non-default tablespace,
but if the system catalogs hit the quota limit then everyone's gonna
be unhappy.
regards, tom lane
