diff options
| author | Tom Lane | 2002-09-03 22:17:35 +0000 |
|---|---|---|
| committer | Tom Lane | 2002-09-03 22:17:35 +0000 |
| commit | d61de58906249e8fb8e44d1ef454d029325526a3 (patch) | |
| tree | dc5aafeca29a2b1265868c1f55624db1d47f9f3c /src/backend | |
| parent | c7d07b5a456a57b48975dd582f70d4bcf966bb91 (diff) | |
Arrange for the default permissions on a database to allow temp table
creation to world, but disallow temp table creation in template1. Per
latest round of pghackers discussion.
I did not force initdb, but the permissions lockdown on template1 will
not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/commands/dbcommands.c | 9 | ||||
| -rw-r--r-- | src/backend/utils/adt/acl.c | 6 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index e62eaabb31f..f5bacf6b3c7 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.103 2002/09/03 21:45:41 petere Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.104 2002/09/03 22:17:34 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -328,7 +328,12 @@ createdb(const CreatedbStmt *stmt) /* do not set datpath to null, GetRawDatabaseInfo won't cope */ new_record[Anum_pg_database_datpath - 1] = DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : "")); - + /* + * We deliberately set datconfig and datacl to defaults (NULL), rather + * than copying them from the template database. Copying datacl would + * be a bad idea when the owner is not the same as the template's owner. + * It's more debatable whether datconfig should be copied. + */ new_record_nulls[Anum_pg_database_datconfig - 1] = 'n'; new_record_nulls[Anum_pg_database_datacl - 1] = 'n'; diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 37a5b5b183f..aa65bd650b1 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.77 2002/08/27 03:56:35 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.78 2002/09/03 22:17:35 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2) * acldefault() --- create an ACL describing default access permissions * * Change this routine if you want to alter the default access policy for - * newly-created tables (or any table with a NULL acl entry in pg_class) + * newly-created objects (or any object with a NULL acl entry). */ Acl * acldefault(GrantObjectType objtype, AclId ownerid) @@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid) owner_default = ACL_ALL_RIGHTS_RELATION; break; case ACL_OBJECT_DATABASE: - world_default = ACL_NO_RIGHTS; + world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */ owner_default = ACL_ALL_RIGHTS_DATABASE; break; case ACL_OBJECT_FUNCTION: |