Re: ALTER DOMAIN .. OWNER TO .. - Mailing list pgsql-patches

From Tom Lane
Subject Re: ALTER DOMAIN .. OWNER TO ..
Date
Msg-id 8053.1039449076@sss.pgh.pa.us
In response to Re: ALTER DOMAIN .. OWNER TO ..  (Rod Taylor <rbt@rbt.ca>)
List pgsql-patches
Rod Taylor <rbt@rbt.ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please.  Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No.  The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke".  Consider
    echo "rm -rf ~joe" >badscript
    chmod u+sx badscript
    chown joe badscript
    ./badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership.  Domains might be too simple to support such
attacks ... at the moment.  I don't want to bet that they'll always be
so.

            regards, tom lane
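
Added example, not part of the original message or of the PostgreSQL project's code: SECURITY DEFINER functions run with their owner's privileges, which makes them PostgreSQL's counterpart to the setuid script above, so an audit of who owns them is the defensive check that follows from this argument. The query assumes a PostgreSQL release that has the pg_roles view and unnest(); the column aliases are illustrative.

```sql
-- Added example: review ownership of SECURITY DEFINER functions.
-- Each row is a function that executes with its owner's privileges,
-- regardless of which role calls it.
SELECT n.nspname            AS schema_name,
       p.oid::regprocedure  AS function_signature,
       r.rolname            AS owner_name,
       r.rolsuper           AS owner_is_superuser,
       -- No search_path pinned on the function: unqualified names in its
       -- body are resolved through the caller's search_path.
       NOT EXISTS (
           SELECT 1
           FROM unnest(p.proconfig) AS cfg
           WHERE cfg LIKE 'search_path=%'
       )                    AS search_path_unpinned,
       -- EXECUTE is granted to PUBLIC by default on new functions.
       has_function_privilege('public', p.oid, 'EXECUTE')
                            AS public_can_execute
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles     AS r ON r.oid = p.proowner
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
-- Superuser-owned functions first: they carry the most privilege.
ORDER BY r.rolsuper DESC, n.nspname, p.proname;
```

Rows where owner_is_superuser, search_path_unpinned and public_can_execute are all true deserve the first look.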
