Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > How about if we hard-wire template1 as being no-write to public
> > somewhere in the code, rather than in the db tables?
>
> Seems pretty icky :-(
>
> It occurs to me that maybe we don't need to worry. The main reason why
> we've offered the advice "don't fill template1 with junk" in the past
> is that it was so hard to clear out the junk without zapping built-in
> entries. But now, you really have to work hard at it to shoot yourself
> in the foot that way. If you created junk in template1.public, no
> sweat:
> \c template1 postgres
> DROP SCHEMA public;
> CREATE SCHEMA public;
> -- don't forget to set its permissions appropriately
> (This assumes we get DROP SCHEMA implemented in time for 7.3, but
> I think we can build that based on Rod's pg_depend stuff.) (Which
> I really really gotta review and apply soon.)
>
> I'm of the opinion that template1 and public are not very special
> at the moment; the C-level code doesn't think either of them are
> special, which is why you can drop and recreate them if you have to.
> We should try not to re-introduce any low-level specialness.
It is strange we have to allow template1 open just for client stuff. I
would really like to lock it down read-only. I guess we can tell admins
to lock down public in template1, and all newly created databases will
be the same.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026