Re: inconsistent owners in newly created databases? - Mailing list pgsql-hackers

From Fabien COELHO
Subject Re: inconsistent owners in newly created databases?
Date
Msg-id Pine.LNX.4.58.0405061350280.9381@sablons.cri.ensmp.fr
Whole thread Raw
In response to inconsistent owners in newly created databases?  (Fabien COELHO <coelho@cri.ensmp.fr>)
List pgsql-hackers
Dear Greg,

> > I agree with the advantage.
> >
> > But I'm uneasy to know what a special owner would be, pratically speaking.
>
> Well I can't think of anywhere else in the code that would need this special
> case other than creating a database.

I disagree, there are consequences. That could be overcome, but I just
argue that is not "that" simple. For instance:

It means the default setup would have a new user entry for that purpose.
aclitem's are defined by refering to the user number for grantor and
possibly grantee.

It is unclear how the user could change the grantee/grantor of an entry
for that purpose. There is no simple sql interface to access or modify
aclitem entries, it is implemented down GRANT/REVOKE at the time.

Also, could the "special" account be used as a login?
If not, how to prevent it?

Moreover, I'm not convinced yet that this fine granularity of control is
actually required. Well, this opinion may change later!

The last good point is that this changes are quite independent from
putting a hook to modify the initial setup on the first connexion. Thus I
can go ahead about the hook, and think about this later. If this is seen
as useful, then that would just mean that "what is done" by the hook need
be updated.

Thanks for your point, have a nice day,

-- 
Fabien Coelho - coelho@cri.ensmp.fr


pgsql-hackers by date:

Previous
From: "Marc G. Fournier"
Date:
Subject: pgFoundry Open For Business
Next
From: Fabien COELHO
Date:
Subject: Re: inconsistent owners in newly created databases?