Re: Default privileges for new databases (was Re: Can't import

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: josh(at)agliodbs(dot)com
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ron Snyder <snyder(at)roguewave(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Default privileges for new databases (was Re: Can't import
Date: 2002-06-14 05:04:53
Message-ID: 200206140504.g5E54rA04051@candle.pha.pa.us
Lists: pgsql-hackers

Josh Berkus wrote:
>
> Tom,
>
> > Probably we should have temp table creation allowed to all by default.
> > I'm not convinced that that's a good idea for schema-creation privilege
> > though. Related issues: what should initdb set as the permissions for
> > template1? Would it make sense for newly created databases to copy
> > their permission settings from the template database? (Probably not,
> > since the owner is likely to be different.) What about copying those
> > per-database config settings Peter just invented?
>
> Yes. I think there should be a not optional INITDB switch: either --secure
> or --permissive. People usually know at the time of installation whether
> they're building a web server (secure) or a home workstation (permissive).
>
> Depending on the setting, this should set either a grant all or revoke all for
> non-db owners as default, including such things as temp table creation.

I like this idea. I think we should prompt for tcp socket permission
setting for only the owner (Peter E's idea that I think he wants for
7.3), default public schema permissions, temp schema permissions, stuff
like that. We can have initdb flags to prevent the prompting, but doing
this querying at initdb time seems like an ideal solution. We have
needed such control for a while.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
