> This wasn't encountered in my original patch because
> pg_tablespace_aclmask() had this test reasonably early on:
>
> + if(tbloid == DEFAULTTBLSPC)
> + return (mask);
>
> I guess that might have been a bit presumptuous but a similar thing
> happens if you don't specify a tablespace:
>
> tablespaceId = get_namespace_tablespace(namespaceId);
> /* note no permission check on tablespace in this case */
>
> What should the solution be?
Seems to me that the solution is that the inital pg_default tablespace
should be create with USAGE rights to PUBLIC at initdb time. Then a
superuser can always revoke the CREATE right if they like.
All the CREATE and ALTER commands that specify tablespaces should
actually check that they are allowed to create in pg_default rather than
just assume.
That way, an admin can force users to NOT use the default tablespace if
they wish, even though the users have CREATE table rights on the schema.
Chris