Skip site navigation (1) Skip section navigation (2)

Re: Tablespace permissions issue

From: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Tablespace permissions issue
Date: 2004-06-28 07:45:18
Message-ID: 40DFCC8E.9030100@familyhealth.com.au (view raw or flat)
Thread:
Lists: pgsql-hackers
> This wasn't encountered in my original patch because
> pg_tablespace_aclmask() had this test reasonably early on:
> 
> +   if(tbloid == DEFAULTTBLSPC)
> +       return (mask);
> 
> I guess that might have been a bit presumptuous but a similar thing
> happens if you don't specify a tablespace:
> 
>         tablespaceId = get_namespace_tablespace(namespaceId);
>         /* note no permission check on tablespace in this case */
> 
> What should the solution be?

Seems to me that the solution is that the inital pg_default tablespace 
should be create with USAGE rights to PUBLIC at initdb time.  Then a 
superuser can always revoke the CREATE right if they like.

All the CREATE and ALTER commands that specify tablespaces should 
actually check that they are allowed to create in pg_default rather than 
just assume.

That way, an admin can force users to NOT use the default tablespace if 
they wish, even though the users have CREATE table rights on the schema.

Chris


In response to

Responses

pgsql-hackers by date

Next:From: Andreas PflugDate: 2004-06-28 10:55:55
Subject: serverlog rotation/functions
Previous:From: Satoshi NagayasuDate: 2004-06-28 06:16:54
Subject: Re: lock timeout patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group