I'm running PostgreSQL 6.5.3 on HP-UX 10.20. I've just noticed that I can connect to any database as any valid user, and create new tables in any database as any user. I don't believe this is correct operation, nor does it match the documentation. Is this a bug, or am I missing the boat?

In the documentation page: http://www.posgresql.org/doxlist.html - Chapter 8. Security, in the first section I see:

    "Each user in Postgres is assigned a username, and (optionally) a password. By default, users do not have write access to databases they did not create."

However, if I create a user "user1", password "user1", that has no privileges, but is the DBA for a database "user1":

    % psql template1
    ...
    You are currently connected to the database: template1

    template1=> create user "user1" with password "user1" nocreatedb nocreateuser;
    template1=> update pg_shadow set usetrace='f', usecatupd='f'
    template1-> where usename='user1';
    template1=> create database user1;
    template1=> select usename,usesysid from pg_user;
    usename|usesysid
    -------+--------
    pgsql  |    5432
    user1  |    5433
    (2 rows)

    template1=> update pg_database set datdba=5433 where datname='user1';
    template1=> select * from pg_database;
    datname  |datdba|encoding|datpath
    ---------+------+--------+---------
    template1|  5432|       0|template1
    user1    |  5433|       0|user1
    (2 rows)

    template1=> \q

Now if the documentation is correct, I believe as the DB user "user1" I shouldn't be able to create tables or anything else in a database for which I am not the database administrator. Notice from the selects above that the "user1" user is not the database admin for the template1 database (good, regular database users shouldn't be able to change the template for all new databases). However if I do:

    % psql -u template1
    Username: user1
    Password: user1
    ...
    You are currently connected to the database: template1

    template1=> create table foo (yn bool);
    template1=> \d
    +------------------+------------------------------+---------+
    | Owner            | Relation                     | Type    |
    +------------------+------------------------------+---------+
    | user1            | foo                          | table   |
    +------------------+------------------------------+---------+

I don't think I should have been able to do that! I just checked and the same feature/bug is also in the 6.4 release.

Thanks in advance for any enlightenment,

Jon Koopman
Agilent Technologies
[EMAIL PROTECTED]
R&D Software Development Engineer
[ADMIN] Any user can create table in any database?
KOOPMAN,JON (A-SantaClara,ex1) Wed, 15 Mar 2000 16:07:16 -0800