Tom Lane wrote:
> Peter Fein <pfein@pobox.com> writes:
>
>>If I read my ACL's correctly, =UC/postgres means full access for PUBLIC.
>> Why is that happening?
>
>
> Because that's the way it's set up in template1. CREATE DATABASE just
> copies the source database, it doesn't editorialize on the contents
> thereof.
Ok. ;) A little further investigation revealed that template0 gives the
same result. It's potentially confusing that template0 is initialized
this way - I couldn't find any indication of such in the manual. In
fact, from CREATE DATABASE:
In particular, by writing TEMPLATE template0, you can create a virgin
database containing only the standard objects predefined by your version
of PostgreSQL.
I guess I'm just surprised that template0 would have *any* ACLs set
(aside from those needed by system catalogs, etc.). It seems to be
favoring convenience by default instead of security by default.
--
Peter Fein pfein@pobox.com 773-575-0694
Basically, if you're not a utopianist, you're a schmuck. -J. Feldman