Re: Installing PL/pgSQL by default

Jasen Betts <jasen@xnet.co.nz>

From: Jasen Betts <jasen@xnet.co.nz>
To: pgsql-general@postgresql.org
Date: 2009-12-04T11:34:54Z
Lists: pgsql-hackers, pgsql-general
On 2009-12-04, Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>>> "Tom" == Tom Lane <tgl@sss.pgh.pa.us> writes:
>
> > Andrew Dunstan <andrew@dunslane.net> writes:
> >> Before we go too far with this, I'd like to know how we will handle the 
> >> problems outlined here: 
> >> <http://archives.postgresql.org/pgsql-hackers/2008-02/msg00916.php>
>
> Tom> Hm, I think that's only a problem if we define it to be a
> Tom> problem, and I'm not sure it's necessary to do so.  Currently,
> Tom> access to PL languages is controlled by superusers.  You are
> Tom> suggesting that if plpgsql is installed by default, then access
> Tom> to it should be controlled by non-superuser DB owners instead.
>
> Currently, a non-superuser db owner can install plpgsql, and having
> installed it, can DROP it or grant/revoke access to it:
>
> test=> create language plpgsql;
> CREATE LANGUAGE
> test=> revoke usage on language plpgsql from public;
> REVOKE
> test=> drop language plpgsql;
> DROP LANGUAGE
>
> The complaint is that if plpgsql is installed by default, then it will
> be owned by postgres rather than by the db owner, who will then not be
> able to drop it or use grant/revoke on it.

The same problem is had with schema public...