Arrange for the default permissions on a database to allow temp table

creation to world, but disallow temp table creation in template1. Per latest round of pghackers discussion. I did not force initdb, but the permissions lockdown on template1 will not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
2025-06-30 21:42:05 +03:00 · 2002-09-03 22:17:35 +00:00
parent c7d07b5a45
commit d61de58906
4 changed files with 27 additions and 12 deletions
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.77 2002/08/27 03:56:35 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.78 2002/09/03 22:17:35 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -396,7 +396,7 @@ aclitemgt(const AclItem *a1, const AclItem *a2)
 * acldefault()  --- create an ACL describing default access permissions
 *
 * Change this routine if you want to alter the default access policy for
- * newly-created tables (or any table with a NULL acl entry in pg_class)
+ * newly-created objects (or any object with a NULL acl entry).
 */
 Acl *
 acldefault(GrantObjectType objtype, AclId ownerid)
@ -413,7 +413,7 @@ acldefault(GrantObjectType objtype, AclId ownerid)
 			owner_default = ACL_ALL_RIGHTS_RELATION;
 			break;
 		case ACL_OBJECT_DATABASE:
-			world_default = ACL_NO_RIGHTS;
+			world_default = ACL_CREATE_TEMP; /* not NO_RIGHTS! */
 			owner_default = ACL_ALL_RIGHTS_DATABASE;
 			break;
 		case ACL_OBJECT_FUNCTION: