Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > How about if we hard-wire template1 as being no-write to public > > somewhere in the code, rather than in the db tables? > > Seems pretty icky :-( > > It occurs to me that maybe we don't need to worry. The main reason why > we've offered the advice "don't fill template1 with junk" in the past > is that it was so hard to clear out the junk without zapping built-in > entries. But now, you really have to work hard at it to shoot yourself > in the foot that way. If you created junk in template1.public, no > sweat: > \c template1 postgres > DROP SCHEMA public; > CREATE SCHEMA public; > -- don't forget to set its permissions appropriately > (This assumes we get DROP SCHEMA implemented in time for 7.3, but > I think we can build that based on Rod's pg_depend stuff.) (Which > I really really gotta review and apply soon.) > > I'm of the opinion that template1 and public are not very special > at the moment; the C-level code doesn't think either of them are > special, which is why you can drop and recreate them if you have to. > We should try not to re-introduce any low-level specialness.
It is strange we have to allow template1 open just for client stuff. I would really like to lock it down read-only. I guess we can tell admins to lock down public in template1, and all newly created databases will be the same. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
