Re: Dump public schema ownership & seclabels - Mailing list pgsql-hackers

From Noah Misch
Subject Re: Dump public schema ownership & seclabels
Date
Msg-id 20210212142530.GA990067@rfd.leadboat.com
In response to Re: Dump public schema ownership & seclabels  (Noah Misch <noah@leadboat.com>)
Responses Re: Dump public schema ownership & seclabels  (Asif Rehman <asifr.rehman@gmail.com>)
List pgsql-hackers
On Thu, Feb 11, 2021 at 04:08:34AM -0800, Noah Misch wrote:
> On Sun, Jan 17, 2021 at 12:00:06PM +0100, Vik Fearing wrote:
> > On 1/17/21 10:41 AM, Noah Misch wrote:
> > > On Sat, Jan 16, 2021 at 02:05:43PM +0100, Vik Fearing wrote:
> > >> On 12/30/20 12:59 PM, Noah Misch wrote:
> > >>> On Tue, Dec 29, 2020 at 05:49:24AM -0800, Noah Misch wrote:
> > >>>> https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com gave $SUBJECT as
> > >>>> one of the constituent projects for changing the public schema default ACL.
> > >>>> This ended up being simple.  Attached.
> > >>>
> > >>> This is defective; it fails to reproduce nspacl after "ALTER SCHEMA public
> > >>> OWNER TO pg_write_server_files; REVOKE ALL ON SCHEMA public FROM
> > >>> pg_write_server_files;".  I will try again later.
> 
> Fixed.  The comment added to getNamespaces() explains what went wrong.
> 
> Incidentally, --no-acl is fragile without --no-owner, because any REVOKE
> statements assume a particular owner.  Since one can elect --no-owner at
> restore time, we can't simply adjust the REVOKE statements constructed at dump
> time.  That's not new with this patch or specific to initdb-created objects.
> 
> > >> Could I ask you to also include COMMENTs when you try again, please?
> > > 
> > > That may work.  I had not expected to hear of a person changing the comment on
> > > schema public.  To what do you change it?
> > 
> > It was a while ago and I don't remember because it didn't appear in the
> > dump so I stopped doing it. :(
> > 
> > Mine was an actual comment, but there are some tools out there that
> > (ab)use COMMENTs as crude metadata for what they do.  For example:
> > https://postgresql-anonymizer.readthedocs.io/en/stable/declare_masking_rules/#declaring-rules-with-comments
> 
> I've attached a separate patch for this, which applies atop the ownership
> patch.  This makes more restores fail for non-superusers, which is okay.

Oops, I botched a refactoring late in the development of that patch.  Here's a
fixed pair of patches.
