Bruce Momjian <[EMAIL PROTECTED]> writes:
> How did you get temp schemas non-world writable in template1 but not in
> the databases, or am I confused?
That right is associated with the database, so we just have to control
what CREATE DATABASE puts in the new pg_database row.
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Can someone tell me where we are on this; exactly what writability do
> > we have in 7.3?
>
> The current code implements what I suggested in that note, viz:
> default permissions for new databases are
> owner = all rights (ie
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Can someone tell me where we are on this; exactly what writability do
> we have in 7.3?
The current code implements what I suggested in that note, viz:
default permissions for new databases are
owner = all rights (ie, create schema and create t
Can someone tell me where we are on this; exactly what writability do
we have in 7.3?
---
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Have we addressed this? I don't think so.
>
> No, it's not done ye
OK, we are rolling out schemas in 7.3. We better figure out if we have
the best solution for this.
---
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Have we addressed this? I don't think so.
>
> No, it'
On Tue, 27 Aug 2002, Bruce Momjian wrote:
>
> I had a good chuckle with this. It is the type of "shoot for the moon"
> idea I would have. Maybe I am rubbing off on you. :-)
>
> The only problem I see with this solution is it makes admins think their
> template1 is safe, when it really isn't.
"Zeugswetter Andreas SB SD" <[EMAIL PROTECTED]> writes:
> ... What exactly was it, why we don't want that ?
> Backwards compatibility ? Imho doing one (additional) grant after creating a db
> cannot be such a problem, no ?
Breaking every existing pg_dumpall script doesn't strike you as a
problem
> What we really need is some mode on template1 that says, "I am not
> world-writable, but the admin hasn't made me world-non-writable, so I
> will create new databases that are world-writable". Does that make
> sense?
I think template1 public should be non-world-writeable by default, and pass
I had a good chuckle with this. It is the type of "shoot for the moon"
idea I would have. Maybe I am rubbing off on you. :-)
The only problem I see with this solution is it makes admins think their
template1 is safe, when it really isn't. That seems more dangerous than
leaving it world-writa
Bruce Momjian <[EMAIL PROTECTED]> writes:
> So template1 is writable (yuck) only so databases created from template1
> are writeable to world by default. Is that accurate?
Yup.
I had a probably-harebrained idea about this: the writeability of public
is only a serious issue when it is the defaul
It just bothers me that of all the databases that should be locked down,
it should be template1, and it isn't by default.
---
Rod Taylor wrote:
> On Mon, 2002-08-26 at 23:45, Bruce Momjian wrote:
> >
> > Oh, so we don't mo
On Mon, 2002-08-26 at 23:45, Bruce Momjian wrote:
>
> Oh, so we don't modify public writeability of template1 because the
> admin may want to disable write in template1 so all future databases
> will have it disabled. I see.
>
> So template1 is writable (yuck) only so databases created from tem
Oh, so we don't modify public writeability of template1 because the
admin may want to disable write in template1 so all future databases
will have it disabled. I see.
So template1 is writable (yuck) only so databases created from template1
are writeable to world by default. Is that accurate?
Mostly because a user may explicitly create a database with wanted
permissions, only to have this 'special code' remove them.
I personally intend to immediately revoke permissions on public in
template1, to allow the database owner to grant them as needed.
On Mon, 2002-08-26 at 22:27, Bruce Momj
Sorry, I am confused. Why can we modify temp's permissions on CREATE
DATABASE but not public's permissions?
---
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Have we addressed this? I don't think so.
>
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Have we addressed this? I don't think so.
No, it's not done yet. My inclination is
* Template1 has temp table creation and schema creation disabled
(disallowed to world) by default.
* CREATE DATABASE sets up new databases with temp table creation al
Have we addressed this? I don't think so.
---
Tom Lane wrote:
> Ron Snyder <[EMAIL PROTECTED]> writes:
> > May 31 16:11:50 vault pgcvs[2135]: [91] LOG: query: Create Temporary Table
> > pg_dump_blob_xref(oldOid pg_catalog
Josh Berkus wrote:
>
> Tom,
>
> > Probably we should have temp table creation allowed to all by default.
> > I'm not convinced that that's a good idea for schema-creation privilege
> > though. Related issues: what should initdb set as the permissions for
> > template1? Would it make sense for
Tom,
> Probably we should have temp table creation allowed to all by default.
> I'm not convinced that that's a good idea for schema-creation privilege
> though. Related issues: what should initdb set as the permissions for
> template1? Would it make sense for newly created databases to copy
>
Ron Snyder <[EMAIL PROTECTED]> writes:
> May 31 16:11:50 vault pgcvs[2135]: [91] LOG: query: Create Temporary Table
> pg_dump_blob_xref(oldOid pg_catalog.oid, newOid pg_catalog.oid);
> May 31 16:11:50 vault pgcvs[2135]: [93] ERROR: quickview: not authorized to
> create temp tables
> My theory i
20 matches
Mail list logo
