On 2005-09-01, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Jaime Casanova <systemguards@gmail.com> writes:
>> I see this TODO item:
>> * %Set proper permissions on non-system schemas during db creation
>> I think a quetion here is wich are non-system schemas?
>
> There's considerable feeling that that TODO item is bogus anyway.
> It was pushed in by people who think that the current behavior is
> wrong, but they haven't justified a change IMHO. I think the first
> part of working on this is to propose a behavior that everyone will
> accept --- which schemas to touch is part of that.
The issue that I've seen is that currently, allowing non-superusers to
create databases in a useful manner requires all sorts of hoop-jumping
to allow the database owner to end up owning the "public" schema. The
simplest solution at present is to remove public from template1 and have
the new db owner create it themselves, which of course interferes with
the (pre 8.1) defaults for createlang etc. (Since the new db owner can't,
for example, install plpgsql themselves, it has to be installed in
template1 in some schema _other_ than public.)
(Another wart that could do with looking into is that such a non-superuser
database owner can't prevent xid wrap in his database regardless of how
often he vacuums it.)
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services