Commit d61de589 authored by Tom Lane's avatar Tom Lane

Arrange for the default permissions on a database to allow temp table

creation to world, but disallow temp table creation in template1.  Per
latest round of pghackers discussion.
I did not force initdb, but the permissions lockdown on template1 will
not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
parent c7d07b5a
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.28 2002/08/12 20:02:09 petere Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.29 2002/09/03 22:17:34 tgl Exp $
PostgreSQL documentation PostgreSQL documentation
--> -->
...@@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos; ...@@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
<para> <para>
If the <quote>Access privileges</> column is empty for a given object, If the <quote>Access privileges</> column is empty for a given object,
it means the object has default privileges (that is, its privileges field it means the object has default privileges (that is, its privileges field
is NULL). Currently, default privileges are interpreted the same way is NULL). Currently, default privileges are interpreted as <quote>all
for all object types: all privileges for the owner and no privileges for privileges for the owner and no privileges for anyone else</quote>, except
anyone else. The first <command>GRANT</> on an object will instantiate for databases: the default privilege settings for a database allow anyone
this default (producing, for example, <literal>{=,miriam=arwdRxt}</>) to create temporary tables in it. The first <command>GRANT</> or
and then modify it per the specified request. <command>REVOKE</> on an object
will instantiate the default privileges (producing, for example,
<literal>{=,miriam=arwdRxt}</>) and then modify them per the specified request.
</para> </para>
</refsect1> </refsect1>
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.103 2002/09/03 21:45:41 petere Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.104 2002/09/03 22:17:34 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -328,7 +328,12 @@ createdb(const CreatedbStmt *stmt) ...@@ -328,7 +328,12 @@ createdb(const CreatedbStmt *stmt)
/* do not set datpath to null, GetRawDatabaseInfo won't cope */ /* do not set datpath to null, GetRawDatabaseInfo won't cope */
new_record[Anum_pg_database_datpath - 1] = new_record[Anum_pg_database_datpath - 1] =
DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : "")); DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : ""));
/*
* We deliberately set datconfig and datacl to defaults (NULL), rather
* than copying them from the template database. Copying datacl would
* be a bad idea when the owner is not the same as the template's owner.
* It's more debatable whether datconfig should be copied.
*/
new_record_nulls[Anum_pg_database_datconfig - 1] = 'n'; new_record_nulls[Anum_pg_database_datconfig - 1] = 'n';
new_record_nulls[Anum_pg_database_datacl - 1] = 'n'; new_record_nulls[Anum_pg_database_datacl - 1] = 'n';
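Review bot: The new comment in createdb() explains why datacl is not copied, but not what the resulting NULL means for access. Per the acldefault() header comment, a NULL acl entry is resolved through acldefault(), so a database cloned from template1 does not inherit a REVOKE made on the template. Since this commit also makes the database default grant temp-table creation to public, one more sentence would help, e.g. `* A NULL datacl means acldefault() applies, so privileges revoked on the template are not inherited by the new database.` createdb() starts and ends outside this hunk.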
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.77 2002/08/27 03:56:35 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.78 2002/09/03 22:17:35 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2) ...@@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2)
* acldefault() --- create an ACL describing default access permissions * acldefault() --- create an ACL describing default access permissions
* *
* Change this routine if you want to alter the default access policy for * Change this routine if you want to alter the default access policy for
* newly-created tables (or any table with a NULL acl entry in pg_class) * newly-created objects (or any object with a NULL acl entry).
*/ */
Acl * Acl *
acldefault(GrantObjectType objtype, AclId ownerid) acldefault(GrantObjectType objtype, AclId ownerid)
...@@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid) ...@@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid)
owner_default = ACL_ALL_RIGHTS_RELATION; owner_default = ACL_ALL_RIGHTS_RELATION;
break; break;
case ACL_OBJECT_DATABASE: case ACL_OBJECT_DATABASE:
world_default = ACL_NO_RIGHTS; world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */
owner_default = ACL_ALL_RIGHTS_DATABASE; owner_default = ACL_ALL_RIGHTS_DATABASE;
break; break;
case ACL_OBJECT_FUNCTION: case ACL_OBJECT_FUNCTION:
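Review bot: The `ACL_OBJECT_DATABASE` case changes how every NULL database ACL is interpreted, not only those of databases created afterwards. Existing databases whose datacl was never instantiated would therefore appear to start allowing public temp-table creation as soon as the new binary runs, with no initdb. The inline `/* not NO_RIGHTS! */` warns maintainers off without giving the reason; something like `/* public may create temp tables by default; REVOKE per database to lock down */` records the policy. The commit message covers template1 only, so a release-note line asking administrators to review datacl in pg_database and REVOKE TEMPORARY where temp tables should stay restricted would cover the rest. acldefault() continues past the end of this hunk.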
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
# Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group # Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
# Portions Copyright (c) 1994, Regents of the University of California # Portions Copyright (c) 1994, Regents of the University of California
# #
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.171 2002/09/03 21:45:43 petere Exp $ # $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.172 2002/09/03 22:17:35 tgl Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
...@@ -1064,6 +1064,14 @@ UPDATE pg_database SET \ ...@@ -1064,6 +1064,14 @@ UPDATE pg_database SET \
UPDATE pg_database SET datlastsysoid = \ UPDATE pg_database SET datlastsysoid = \
(SELECT oid - 1 FROM pg_database WHERE datname = 'template0'); (SELECT oid - 1 FROM pg_database WHERE datname = 'template0');
-- Explicitly revoke public create-schema and create-temp-table privileges
-- in template1 and template0; else the latter would be on by default
REVOKE CREATE,TEMPORARY ON DATABASE template1 FROM public;
REVOKE CREATE,TEMPORARY ON DATABASE template0 FROM public;
-- Finally vacuum to clean up dead rows in pg_database
VACUUM FULL pg_database; VACUUM FULL pg_database;
EOF EOF
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
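Review bot: In the added comment, "the latter" is easy to misread, and the comment does not say that the REVOKE is also what turns the templates' NULL datacl into an explicit ACL. Suggest `-- Revoke public CREATE and TEMPORARY on template1 and template0. TEMPORARY is granted to public by default (see acldefault); the REVOKE also instantiates datacl.` Whether a failed REVOKE makes the `$?` test on the following line fire depends on how the backend is invoked, which is outside this hunk. If it does not, the templates would silently keep the public default, so a check of datacl for both templates after the heredoc would be worth adding.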
......