Re: No PUBLIC access by default?

From Martijn van Oosterhout
Subject Re: No PUBLIC access by default?
Date
Msg-id 20050812135839.GF4305@svana.org
In response to Re: No PUBLIC access by default?  (Peter Fein <pfein@pobox.com>)
Responses Re: No PUBLIC access by default?  (Peter Fein <pfein@pobox.com>)
List pgsql-general
On Fri, Aug 12, 2005 at 08:34:23AM -0500, Peter Fein wrote:
> Ok. ;) A little further investigation revealed that template0 gives the
> same result.  It's potentially confusing that template0 is initialized
> this way - I couldn't find any indication of such in the manual. In
> fact, from CREATE DATABASE:
>
> In particular, by writing TEMPLATE template0, you can create a virgin
> database containing only the standard objects predefined by your version
> of PostgreSQL.

It's mentioned in:

http://www.postgresql.org/docs/8.0/static/ddl-schemas.html#DDL-SCHEMAS-PRIV

The public schema is set up so anyone can access it, that's why it's
called public.

> I guess I'm just surprised that template0 would have *any* ACLs set
> (aside from those needed by system catalogs, etc.).  It seems to be
> favoring convenience by default instead of security by default.

The purpose of blocking access to public by default would be... If you
don't want people to access the database, don't let them log in.

I imagine it's also partly because in prior versions before schemas
existed, if your database administrator gave you access to a database,
you got access to anything the ACLs on the tables said you could. Now
schemas are added, but this remains true. It means you can ignore
schemas if you want, no need to remind the admin to give you
permissions to create things in the database he created for you.

Seems akin to removing all permissions from the home directory of a new
user so not even they can access it. Sure it's secure, but not terribly
useful.
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
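
Added example, not part of the original message: one way to audit the PUBLIC grant on the public schema discussed above and to revoke it where security by default is preferred. The role name demo_user is hypothetical, and the whole script runs inside a transaction that is rolled back, so it changes nothing.

```sql
-- Added example: audit and tighten the public schema.
-- demo_user is a hypothetical role created only for the check.
-- Run as a superuser; ROLLBACK at the end undoes every statement.
BEGIN;

CREATE ROLE demo_user;  -- no privileges granted to it directly

-- 1. Raw ACL on the schema. An entry with an empty grantee, such as
--    "=UC/postgres", is a grant to PUBLIC: U = USAGE, C = CREATE.
--    A NULL nspacl means built-in defaults, which give PUBLIC
--    nothing on a schema.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';

-- 2. Effective privileges of a role that holds no grants of its own.
--    Anything reported as true here comes from the PUBLIC grant.
SELECT has_schema_privilege('demo_user', 'public', 'USAGE')  AS can_use,
       has_schema_privilege('demo_user', 'public', 'CREATE') AS can_create;

-- 3. Stop arbitrary roles from creating objects in public while
--    keeping name lookup (USAGE) so existing queries keep working.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Re-check: can_create is now false, can_use is unchanged.
SELECT has_schema_privilege('demo_user', 'public', 'USAGE')  AS can_use,
       has_schema_privilege('demo_user', 'public', 'CREATE') AS can_create;

-- 5. Stricter variant: remove every PUBLIC privilege on the schema.
--    Roles then need an explicit GRANT USAGE before they can reference
--    objects in public at all.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- 6. Both columns are now false for a role with no explicit grants.
SELECT has_schema_privilege('demo_user', 'public', 'USAGE')  AS can_use,
       has_schema_privilege('demo_user', 'public', 'CREATE') AS can_create;

ROLLBACK;
```

To make a revoke the default for new databases, run it (committed) in template1, since CREATE DATABASE copies template1 unless another template is named.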
