Dear hackers, I'm used to have a "umask 077", but I cannot have that at the time with postgresql. This fact is among the many various "surprises" I had while discovering postgresql, and this is easy to fix.
Thus I'd like to add a user defined default public acl for postgresql database, namespace, class, language and proc, instead of the hardwired defaults in "src/backend/utils/adt/acl.c". In order to do so I'm planing to add 5 new user-land pg_settings intended to describe the default rights for "public" on new objects: - database_default_acl - namespace_default_acl - class_default_acl - language_default_acl - proc_default_acl The default for these would be postgresql current defaults for public acl. The value could be integer (binary) or string (symbolic). I think that the use of a string version would be more useful: proc_default_acl = "x". Any comments? Also, I'm afraid that empty acl arrays (from what is seen from acl fields when dumping pg_database or other tables) have a meaning at the time, which is "default"... this may interact with new user-defined defaults. I think that it would be appropriate to have defaults set at object creation time, so that "default" would mean "no acl", thus only super users would be able to access such objects? Or am I missing something on this point?? That's quite possible. -- Fabien Coelho - [EMAIL PROTECTED] ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings