Arrange for the default permissions on a database to allow temp table

tglsfdc · tglsfdc · commit d61de5890624 · 2002-09-03T22:17:35.000Z
creation to world, but disallow temp table creation in template1.  Per
latest round of pghackers discussion.
I did not force initdb, but the permissions lockdown on template1 will
not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.28 2002/08/12 20:02:09 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.29 2002/09/03 22:17:34 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
    <para>
    If the <quote>Access privileges</> column is empty for a given object,
 it means the object has default privileges (that is, its privileges field
-is NULL).  Currently, default privileges are interpreted the same way
-for all object types: all privileges for the owner and no privileges for
-anyone else.  The first <command>GRANT</> on an object will instantiate
-this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
-and then modify it per the specified request.
+is NULL).  Currently, default privileges are interpreted as <quote>all
+privileges for the owner and no privileges for anyone else</quote>, except
+for databases: the default privilege settings for a database allow anyone
+to create temporary tables in it.  The first <command>GRANT</> or
+<command>REVOKE</> on an object
+will instantiate the default privileges (producing, for example,
+<literal>{=,miriam=arwdRxt}</>) and then modify them per the specified request.
    </para>
  </refsect1>
 
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.103 2002/09/03 21:45:41 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.104 2002/09/03 22:17:34 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -328,7 +328,12 @@ createdb(const CreatedbStmt *stmt)
 	/* do not set datpath to null, GetRawDatabaseInfo won't cope */
 	new_record[Anum_pg_database_datpath - 1] =
 		DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : ""));
-
+	/*
+	 * We deliberately set datconfig and datacl to defaults (NULL), rather
+	 * than copying them from the template database.  Copying datacl would
+	 * be a bad idea when the owner is not the same as the template's owner.
+	 * It's more debatable whether datconfig should be copied.
+	 */
 	new_record_nulls[Anum_pg_database_datconfig - 1] = 'n';
 	new_record_nulls[Anum_pg_database_datacl - 1] = 'n';
 
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.77 2002/08/27 03:56:35 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.78 2002/09/03 22:17:35 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2)
  * acldefault()  --- create an ACL describing default access permissions
  *
  * Change this routine if you want to alter the default access policy for
- * newly-created tables (or any table with a NULL acl entry in pg_class)
+ * newly-created objects (or any object with a NULL acl entry).
  */
 Acl *
 acldefault(GrantObjectType objtype, AclId ownerid)
@@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid)
 			owner_default = ACL_ALL_RIGHTS_RELATION;
 			break;
 		case ACL_OBJECT_DATABASE:
-			world_default = ACL_NO_RIGHTS;
+			world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */
 			owner_default = ACL_ALL_RIGHTS_DATABASE;
 			break;
 		case ACL_OBJECT_FUNCTION:
diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh
@@ -27,7 +27,7 @@
 # Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.171 2002/09/03 21:45:43 petere Exp $
+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.172 2002/09/03 22:17:35 tgl Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -1064,6 +1064,14 @@ UPDATE pg_database SET \
 UPDATE pg_database SET datlastsysoid = \
     (SELECT oid - 1 FROM pg_database WHERE datname = 'template0');
 
+-- Explicitly revoke public create-schema and create-temp-table privileges
+-- in template1 and template0; else the latter would be on by default
+
+REVOKE CREATE,TEMPORARY ON DATABASE template1 FROM public;
+REVOKE CREATE,TEMPORARY ON DATABASE template0 FROM public;
+
+-- Finally vacuum to clean up dead rows in pg_database
+
 VACUUM FULL pg_database;
 EOF
 if [ "$?" -ne 0 ]; then
