Re: CREATE DATABASE foo OWNER bar - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: CREATE DATABASE foo OWNER bar
Date
Msg-id 200704172051.l3HKp1G29145@momjian.us
In response to Re: CREATE DATABASE foo OWNER bar  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> Larry Rosenman <ler@lerctr.org> writes:
> > I guess the issue is that I'd expect public to be owned by the DB Owner after
> > a CREATE DATABASE foo OWNER bar,
> 
> Why?  Do you expect the system catalogs to be owned by the DB owner?
> What about other random objects that might have been created in the
> template database?  If the DBA has installed nondefault permission
> settings on the public schema or other objects, how do you expect those
> to be transformed?
> 
> I do not actually agree with that TODO item, as I think it requires
> AI-completeness to guess what sorts of changes to apply, and getting
> ownership/permissions wrong would create a significant risk of security
> issues.

Caution added to TODO item:
* Set proper permissions on non-system schemas during db creation

  Currently all schemas are owned by the super-user because they are
  copied from the template1 database.  However, since all objects are
  inherited from the template database, it is not clear that setting
  schemas to the db owner is correct.
 

--
  Bruce Momjian  <bruce@momjian.us>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +
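
An added example, not part of the original message: because CREATE DATABASE copies the template's objects with their existing owners and ACLs, a DBA can audit the result and change ownership as an explicit decision rather than having the server guess. The names foo and bar are the ones used in the thread; the queries are meant to be run while connected to the new database.

```sql
-- Run while connected to the newly created database (foo in the thread).

-- 1. List non-system schemas whose owner differs from the database owner,
--    together with the ACL that was copied from the template.
--    On PostgreSQL 15 and later, public is owned by the pg_database_owner
--    role, which already resolves to the database owner, so it is skipped.
SELECT n.nspname                    AS schema_name,
       pg_get_userbyid(n.nspowner)  AS schema_owner,
       pg_get_userbyid(d.datdba)    AS database_owner,
       n.nspacl                     AS schema_acl   -- NULL means default privileges
FROM   pg_namespace n
CROSS  JOIN pg_database d
WHERE  d.datname = current_database()
  AND  n.nspname !~ '^pg_'
  AND  n.nspname <> 'information_schema'
  AND  n.nspowner <> d.datdba
  AND  pg_get_userbyid(n.nspowner) <> 'pg_database_owner'
ORDER  BY n.nspname;

-- 2. Same check for tables, views and sequences that came along from the
--    template, since those are copied with their original owners as well.
SELECT n.nspname                    AS schema_name,
       c.relname                    AS object_name,
       c.relkind                    AS kind,        -- r = table, v = view, S = sequence
       pg_get_userbyid(c.relowner)  AS object_owner,
       c.relacl                     AS object_acl
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
CROSS  JOIN pg_database d
WHERE  d.datname = current_database()
  AND  c.relkind IN ('r', 'v', 'S')
  AND  n.nspname !~ '^pg_'
  AND  n.nspname <> 'information_schema'
  AND  c.relowner <> d.datdba
ORDER  BY n.nspname, c.relname;

-- 3. If, after reviewing the output, the DBA decides the database owner
--    should own the public schema, make that change explicitly.
--    Review schema_acl first: nondefault grants installed in the template
--    are not rewritten by a change of owner.
ALTER SCHEMA public OWNER TO bar;
```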

