Re: Tablespace permissions issue - Mailing list pgsql-hackers

From Christopher Kings-Lynne
Subject Re: Tablespace permissions issue
Date
Msg-id 40DFCC8E.9030100@familyhealth.com.au
Whole thread Raw
In response to Tablespace permissions issue  (Gavin Sherry <swm@linuxworld.com.au>)
Responses Re: Tablespace permissions issue
List pgsql-hackers
> This wasn't encountered in my original patch because
> pg_tablespace_aclmask() had this test reasonably early on:
> 
> +   if(tbloid == DEFAULTTBLSPC)
> +       return (mask);
> 
> I guess that might have been a bit presumptuous but a similar thing
> happens if you don't specify a tablespace:
> 
>         tablespaceId = get_namespace_tablespace(namespaceId);
>         /* note no permission check on tablespace in this case */
> 
> What should the solution be?

Seems to me that the solution is that the inital pg_default tablespace 
should be create with USAGE rights to PUBLIC at initdb time.  Then a 
superuser can always revoke the CREATE right if they like.

All the CREATE and ALTER commands that specify tablespaces should 
actually check that they are allowed to create in pg_default rather than 
just assume.

That way, an admin can force users to NOT use the default tablespace if 
they wish, even though the users have CREATE table rights on the schema.

Chris



pgsql-hackers by date:

Previous
From: Satoshi Nagayasu
Date:
Subject: Re: lock timeout patch
Next
From: Gaetano Mendola
Date:
Subject: Re: warning missing