Thread: Re: Schemas and template1

Re: Schemas and template1

From
Ron Snyder
Date:
> As part of createdb, the new database will have to have it's public
> schema changed to world-writable.

I have to admit that much of the schema related discussion has been over my
head, but I think what I understand you to be saying here is that the
default would be to allow anybody to create tables in any database that they
connect to, in the same way that they currently can (with pg <= 7.2.1).

(If that's not the case, you can ignore the rest of the message.)

What value do users get from being able to create temp tables in any
database?

Don't _most_ people expect databases (from any vendor) to be writable only
by the owner? I have to confess that I was surprised when I discovered that
others could create tables in my PG database (although I don't have much
exposure to other flavors of databases).

ISTM that the best default is to have it not world writable, but that will
tend to cause some consternation when people transition to 7.3 and discover
(as I did) that the current pg_restore may hit snags on a non-world writable
DB in certain circumstances.

If I put data into a database and want to allow anybody to read it and don't
want to worry about administering accounts for hundreds of users, I might
create an account that anybody can use to connect. I would be unhappy if
someone was able to expand that permission into something like creating
tables and filling them so much that it causes problems for me.

(As I said, this is all predicated on my understanding at the beginning, so
if I've misunderstood this issue then perhaps this wouldn't be a problem for
me.)

-ron







> 
> -- 
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 853-3000
>   +  If your life is a hard drive,     |  830 Blythe Avenue
>   +  Christ can be your backup.        |  Drexel Hill, 
> Pennsylvania 19026
> 
> ---------------------------(end of 
> broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to 
> majordomo@postgresql.org
> 


Re: Schemas and template1

From
Bruce Momjian
Date:
Ron Snyder wrote:
> > As part of createdb, the new database will have to have it's public
> > schema changed to world-writable.
> 
> I have to admit that much of the schema related discussion has been over my
> head, but I think what I understand you to be saying here is that the
> default would be to allow anybody to create tables in any database that they
> connect to, in the same way that they currently can (with pg <= 7.2.1).
> 
> (If that's not the case, you can ignore the rest of the message.)

The issue I was raising is the creation of tables in the default
'public' schema, which is the one used by users who don't have a schema
matching their name.  I was saying that template1 should prevent
creation of tables by anyone but the superuser.

As far as temp tables, I think we should enable that for all
non-template1 databases.

(In fact, what happens if you create a database while a temp table
exists in template1.  Seems it would not be cleaned up in the new
database.)

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026