Re: Default privileges for new databases (was Re: Can't

It just bothers me that of all the databases that should be locked down,
it should be template1, and it isn't by default.

---------------------------------------------------------------------------

Rod Taylor wrote:
> On Mon, 2002-08-26 at 23:45, Bruce Momjian wrote:
> >
> > Oh, so we don't modify public writeability of template1 because the
> > admin may want to disable write in template1 so all future databases
> > will have it disabled. I see.
> >
> > So template1 is writable (yuck) only so databases created from template1
> > are writeable to world by default. Is that accurate?
>
> I believe thats the crux of the issue -- but those of us who don't want
> newly created DBs to be world writable have no issues with that :)
>
>
> Could create a template2 as the default 'copy from' template. Make it
> connectible strictly by superusers. Template1 becomes a holding area
> for those without a db to connect to and can be locked down.
>
>
> Another is to enable users to connect to the server without requiring a
> database. This basically removes the secondary requirement of template1
> to be the holding area for those otherwise without a home.
>
>
> > ---------------------------------------------------------------------------
> >
> > Rod Taylor wrote:
> > > Mostly because a user may explicitly create a database with wanted
> > > permissions, only to have this 'special code' remove them.
> > >
> > > I personally intend to immediately revoke permissions on public in
> > > template1, to allow the database owner to grant them as needed.
> > >
> > > On Mon, 2002-08-26 at 22:27, Bruce Momjian wrote:
> > > >
> > > > Sorry, I am confused. Why can we modify temp's permissions on CREATE
> > > > DATABASE but not public's permissions?
> > > >
> > > > ---------------------------------------------------------------------------
> > > >
> > > > Tom Lane wrote:
> > > > > Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > > > > > Have we addressed this? I don't think so.
> > > > >
> > > > > No, it's not done yet. My inclination is
> > > > >
> > > > > * Template1 has temp table creation and schema creation disabled
> > > > > (disallowed to world) by default.
> > > > >
> > > > > * CREATE DATABASE sets up new databases with temp table creation allowed
> > > > > to world and schema creation allowed to DB owner only (regardless of
> > > > > what the template database had). The owner can adjust this default
> > > > > afterwards if he doesn't like it.
> > > > >
> > > > > It would be nice to lock down the public schema in template1 too, but I
> > > > > see no good way to do that, because CREATE DATABASE can't readily fiddle
> > > > > with protections *inside* the database --- the only games we can play
> > > > > are with the protections stored in the pg_database row itself. So
> > > > > public's permissions are going to be inherited from the template
> > > > > database, and that means template1's public has to be writable.
> > > > >
> > > > > Objections anyone?
> > > > >
> > > > > regards, tom lane
> > > > >
> > > > > ---------------------------(end of broadcast)---------------------------
> > > > > TIP 2: you can get off all lists at once with the unregister command
> > > > > (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
> > > > >
> > > >
> > > > --
> > > > Bruce Momjian | http://candle.pha.pa.us
> > > > pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> > > > + If your life is a hard drive, | 13 Roberts Road
> > > > + Christ can be your backup. | Newtown Square, Pennsylvania 19073
> > > >
> > > > ---------------------------(end of broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > > >
> > >
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 5: Have you checked our extensive FAQ?
> > >
> > > http://www.postgresql.org/users-lounge/docs/faq.html
> > >
> >
> > --
> > Bruce Momjian | http://candle.pha.pa.us
> > pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> > + If your life is a hard drive, | 13 Roberts Road
> > + Christ can be your backup. | Newtown Square, Pennsylvania 19073
> >
>
>
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073