Tom Lane wrote:
> Larry Rosenman <[EMAIL PROTECTED]> writes:
> > I guess the issue is that I'd expect public to be owned by the DB Owner 
> > after
> > a CREATE DATABASE foo OWNER bar,
> 
> Why?  Do you expect the system catalogs to be owned by the DB owner?
> What about other random objects that might have been created in the
> template database?  If the DBA has installed nondefault permission
> settings on the public schema or other objects, how do you expect those
> to be transformed?
> 
> I do not actually agree with that TODO item, as I think it requires
> AI-completeness to guess what sorts of changes to apply, and getting
> ownership/permissions wrong would create a significant risk of security
> issues.

Caution added to TODO item:

        
        * Set proper permissions on non-system schemas during db creation
        
          Currently all schemas are owned by the super-user because they
          are copied from the template1 database.  However, since all
          objects are inherited from the template database, it is not
          clear that setting schemas to the db owner is correct.

-- 
  Bruce Momjian  <[EMAIL PROTECTED]>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to