Arrange for the default permissions on a database to allow temp table

creation to world, but disallow temp table creation in template1. Per latest round of pghackers discussion. I did not force initdb, but the permissions lockdown on template1 will not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
23 years ago · d61de58906
parent c7d07b5a45
commit d61de58906
4 changed files with 27 additions and 12 deletions
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.28 2002/08/12 20:02:09 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.29 2002/09/03 22:17:34 tgl Exp $
 PostgreSQL documentation
 -->

@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
   <para>
   If the <quote>Access privileges</> column is empty for a given object,
 it means the object has default privileges (that is, its privileges field
-is NULL).  Currently, default privileges are interpreted the same way
-for all object types: all privileges for the owner and no privileges for
-anyone else.  The first <command>GRANT</> on an object will instantiate
-this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
-and then modify it per the specified request.
+is NULL).  Currently, default privileges are interpreted as <quote>all
+privileges for the owner and no privileges for anyone else</quote>, except
+for databases: the default privilege settings for a database allow anyone
+to create temporary tables in it.  The first <command>GRANT</> or
+<command>REVOKE</> on an object
+will instantiate the default privileges (producing, for example,
+<literal>{=,miriam=arwdRxt}</>) and then modify them per the specified request.
   </para>
 </refsect1>

--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.103 2002/09/03 21:45:41 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.104 2002/09/03 22:17:34 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -328,7 +328,12 @@ createdb(const CreatedbStmt *stmt)
 	/* do not set datpath to null, GetRawDatabaseInfo won't cope */
 	new_record[Anum_pg_database_datpath - 1] =
 		DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : ""));
-
+	/*
+	 * We deliberately set datconfig and datacl to defaults (NULL), rather
+	 * than copying them from the template database.  Copying datacl would
+	 * be a bad idea when the owner is not the same as the template's owner.
+	 * It's more debatable whether datconfig should be copied.
+	 */
 	new_record_nulls[Anum_pg_database_datconfig - 1] = 'n';
 	new_record_nulls[Anum_pg_database_datacl - 1] = 'n';

--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.77 2002/08/27 03:56:35 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.78 2002/09/03 22:17:35 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2)
 * acldefault()  --- create an ACL describing default access permissions
 *
 * Change this routine if you want to alter the default access policy for
- * newly-created tables (or any table with a NULL acl entry in pg_class)
+ * newly-created objects (or any object with a NULL acl entry).
 */
 Acl *
 acldefault(GrantObjectType objtype, AclId ownerid)
@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid)
 			owner_default = ACL_ALL_RIGHTS_RELATION;
 			break;
 		case ACL_OBJECT_DATABASE:
-			world_default = ACL_NO_RIGHTS;
+			world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */
 			owner_default = ACL_ALL_RIGHTS_DATABASE;
 			break;
 		case ACL_OBJECT_FUNCTION:
--- a/src/bin/initdb/initdb.sh
+++ b/src/bin/initdb/initdb.sh
@ -27,7 +27,7 @@
 # Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.171 2002/09/03 21:45:43 petere Exp $
+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.172 2002/09/03 22:17:35 tgl Exp $
 #
 #-------------------------------------------------------------------------

@ -1064,6 +1064,14 @@ UPDATE pg_database SET \
 UPDATE pg_database SET datlastsysoid = \
    (SELECT oid - 1 FROM pg_database WHERE datname = 'template0');

+-- Explicitly revoke public create-schema and create-temp-table privileges
+-- in template1 and template0; else the latter would be on by default
+
+REVOKE CREATE,TEMPORARY ON DATABASE template1 FROM public;
+REVOKE CREATE,TEMPORARY ON DATABASE template0 FROM public;
+
+-- Finally vacuum to clean up dead rows in pg_database
+
 VACUUM FULL pg_database;
 EOF
 if [ "$?" -ne 0 ]; then