Thread: template1, can there be a template2/3/4?

as i understand the usage of template1, it holds the system catalogs,
users, etc, etc.

it is accessed as a quasi-shadow database supporting the actual production
data databases.

would it be possible for me to create a template2 and have some arbitrary
database use it instead of template1?

the reason i ask this is that it would be useful to have something to the
effect of:

database access startup for "sample" database.

if exists sample_cat database, use it instead of template1
otherwise use template1

this way "sample" could have its own set of users, permissions, etc, etc.

it would be a method for getting around the fact that a user in template1
has access to all of the other databases, modulo per-database permissions
via GRANT/REVOKE

does this make any sense?

--
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

Jim Mercer <jim@reptiles.org> writes:
> would it be possible for me to create a template2 and have some arbitrary
> database use it instead of template1?

In 7.1, you can tell CREATE DATABASE to clone any existing database,
not only template1.  However, this doesn't seem to have much to do with
what you are really after.

> this way "sample" could have its own set of users, permissions, etc, etc.

Users (also groups) are installation-wide, so there's no way to have
database-specific users.  AFAICS, the only thing the alternate-template
facility is good for is to preinstall languages, tables, etc into some
databases and not others.

> it would be a method for getting around the fact that a user in template1
> has access to all of the other databases, modulo per-database permissions
> via GRANT/REVOKE

Which database you are connected to has nothing whatever to do with
whether you can see/manipulate other databases.  template1 is certainly
not special in that regard.  The only reason createdb and friends
connect to template1 is that it's the only DB name they can be pretty
certain exists.

            regards, tom lane

On Mon, Jun 04, 2001 at 12:13:23PM -0400, Tom Lane wrote:
> > it would be a method for getting around the fact that a user in template1
> > has access to all of the other databases, modulo per-database permissions
> > via GRANT/REVOKE
>
> Which database you are connected to has nothing whatever to do with
> whether you can see/manipulate other databases.  template1 is certainly
> not special in that regard.  The only reason createdb and friends
> connect to template1 is that it's the only DB name they can be pretty
> certain exists.

ah, so users/groups are not stored in template1, but in some other series
of physical files.

hmmm.  yep, that certainly does squash my idea.

i imagine it would be architectually difficult to have seperate user/group
tables per database.

--
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

On Mon, Jun 04, 2001 at 12:29:08PM -0400, Tom Lane wrote:
> Jim Mercer <jim@reptiles.org> writes:
> > i imagine it would be architectually difficult to have seperate user/group
> > tables per database.
>
> Codewise it would be trivial --- remove 'em from the list of shared
> relations.  From the point of view of backwards compatibility, however,
> that's not likely to happen.

where are these relations?  is this a compile-time thing, or can it be done
on-the-fly?

--
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

On Mon, Jun 04, 2001 at 12:29:08PM -0400, Tom Lane wrote:
> > i imagine it would be architectually difficult to have seperate user/group
> > tables per database.
>
> Codewise it would be trivial --- remove 'em from the list of shared
> relations.  From the point of view of backwards compatibility, however,
> that's not likely to happen.
>
> If you want to restrict users to connect only to their own database,
> the 'sameuser' option in pg_hba.conf might be helpful.

my goal is a bit bigger than that.

at some point in the past, i posted a tweak that allowed one to have a
database authenticated similar to that of /bin/login.

ie. the client passes username/plain-text password, and that is authenticated
against crypto-gunge in the pg_shadow table.
(currently the authentication schemes seem to insist on storing plain-text
passwords in pg_shadow, which i just can't stomach).
(that tweak BTW was done in a completely reverse-compatability way)

with this tweak in place, i can then do PHP scripts which allow the webserver
to store the username/plain-textpass in session variables, and use them with
each call to the pgsql API.

this allows me to use the system catalogs for allowing/denying access to the
tables, without having to fake up some table with SELECT priv for user
"nobody" (or whatever the webserver is running as).

further to this, if i can have seperate pg_user/pg_shadow per database, then
i can have wholly seperate userbases for each database, rather than trying
to manage all my users in a single table.

--
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

Jim Mercer <jim@reptiles.org> writes:
> ah, so users/groups are not stored in template1, but in some other series
> of physical files.

pg_shadow/pg_group are installation-wide; they do not belong to any
individual database.  This is done via special hacks (cf
IsSharedSystemRelation).

> i imagine it would be architectually difficult to have seperate user/group
> tables per database.

Codewise it would be trivial --- remove 'em from the list of shared
relations.  From the point of view of backwards compatibility, however,
that's not likely to happen.

If you want to restrict users to connect only to their own database,
the 'sameuser' option in pg_hba.conf might be helpful.

            regards, tom lane

Jim Mercer wrote:
>
> as i understand the usage of template1, it holds the system catalogs,
> users, etc, etc.
>
> it is accessed as a quasi-shadow database supporting the actual production
> data databases.
>
> would it be possible for me to create a template2 and have some arbitrary
> database use it instead of template1?
>
> the reason i ask this is that it would be useful to have something to the
> effect of:
>
> database access startup for "sample" database.
>
> if exists sample_cat database, use it instead of template1
> otherwise use template1
>
> this way "sample" could have its own set of users, permissions, etc, etc.
>
> it would be a method for getting around the fact that a user in template1
> has access to all of the other databases, modulo per-database permissions
> via GRANT/REVOKE
>
> does this make any sense?

    There  is  no  such  concept  like a shadow database. I think
    you've misunderstood something.

    Except  for  a  few  shared  relations,  namely  pg_database,
    pg_shadow,  pg_group  and pg_log, every database has it's own
    copy of the system catalog. The entire content  (catalog  and
    so  far  created  objects)  is *copied* at createdb time from
    whatever you specify as the template database. If you  modify
    the template database after, these changes don't make it into
    the databases derived from it.

    The shared catalogs are shared in the entire instance. So  if
    you  want  different  sets of users, you need to run separate
    postmasters for the different sets of databases.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

I wrote:
> Jim Mercer <jim@reptiles.org> writes:
>> where are these relations?  is this a compile-time thing, or can it be done
>> on-the-fly?

> Compile-time; see SharedSystemRelationNames in
> backend/utils/init/globals.c.  You'd have to do an initdb after changing
> it, anyway.

BTW, the reason that pg_shadow is installation-wide is that it's
not real clear what the 'ownership' column in pg_database means
if users are not installation-wide.  Before cutting and hacking,
you'd need to think carefully about just what semantics you are
really after.

            regards, tom lane

Jim Mercer <jim@reptiles.org> writes:
> where are these relations?  is this a compile-time thing, or can it be done
> on-the-fly?

Compile-time; see SharedSystemRelationNames in
backend/utils/init/globals.c.  You'd have to do an initdb after changing
it, anyway.

            regards, tom lane

On Mon, Jun 04, 2001 at 02:16:35PM -0400, Tom Lane wrote:
> I wrote:
> > Jim Mercer <jim@reptiles.org> writes:
> >> where are these relations?  is this a compile-time thing, or can it be done
> >> on-the-fly?
>
> > Compile-time; see SharedSystemRelationNames in
> > backend/utils/init/globals.c.  You'd have to do an initdb after changing
> > it, anyway.
>
> BTW, the reason that pg_shadow is installation-wide is that it's
> not real clear what the 'ownership' column in pg_database means
> if users are not installation-wide.  Before cutting and hacking,
> you'd need to think carefully about just what semantics you are
> really after.

theoretically, if i nuked everything from SharedSystemRelationNames, then
each database would be wholly stand-alone, and the remaining code should just
work?


--
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

Jim Mercer <jim@reptiles.org> writes:
> theoretically, if i nuked everything from SharedSystemRelationNames, then
> each database would be wholly stand-alone, and the remaining code should just
> work?

Hmm.  I do not know what would happen if pg_database were made
database-local, but I doubt it would be anything good ...

            regards, tom lane

On Mon, Jun 04, 2001 at 11:16:40AM -0400, Jim Mercer wrote:
> would it be possible for me to create a template2 and have some arbitrary
> database use it instead of template1?
>
> the reason i ask this is that it would be useful to have something to the
> effect of:
>
> database access startup for "sample" database.
>
> if exists sample_cat database, use it instead of template1
> otherwise use template1
>
> this way "sample" could have its own set of users, permissions, etc, etc.
>
> it would be a method for getting around the fact that a user in template1
> has access to all of the other databases, modulo per-database permissions
> via GRANT/REVOKE
>
> does this make any sense?

as has already been discussed, template1 is basically the
default template to copy when creating a new database.

as for which relations are system-wide (versus
database-specific) check for files in
/var/lib/postgres/data/pg_*:

    pg_control
    pg_database
    pg_geqo
    pg_group
    pg_group_name_index
    pg_group_sysid_index
    pg_hba.conf
    pg_ident.conf
    pg_log
    pg_pwd
    pg_pwd.reload
    pg_shadow
    pg_variable

(note that some of those are conf files, not db relations...)

all the other 'system' tables ARE database-specific
and thus reside in their respective subdirectories at
/var/lib/postgres/data/base/<databasename>/pg_*

--
#95: We are waking up and linking to each other. We are watching. But
we are not waiting.  -- www.cluetrain.com

will@serensoft.com
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!