Kenny's Blog

28 Apr 2022

New users can create tables in postgres (debian)

I ran into this stackexchange page recently: https://dba.stackexchange.com/questions/35316/why-is-a-new-user-allowed-to-create-a-table

There’s some discussion here, and I’m not sure what the original intent was but it definitely makes it really easy for new users to test out postgres on stock debian.

Every linux user has their own postgres user to mess around with so you can test things with very little effort in setup… when it’s time to move to a more “production” setup then you can use a different postgres setup for production.

This also sorta makes it almost as easy as using sqlite; you can just create a new linux user for your application and assume that they’ll have access to create some postgres tables.

I’ll admit I’m not sure what the security implications are for this for anyone using stock debian with the postgresql package.

Anyways, that was a small thing I noticed.

Other notes

While I was doing some work with postgres recently, I also figured out why roles in postgres are named that way. I always treated that part of dealing with postgres as more of a pain than anything but the docs are actually pretty clear about it:

“A role can be thought of as either a database user, or a group of database users, depending on how the role is set up. Roles can own database objects (for example, tables) and can assign privileges on those objects to other roles to control who has access to which objects.”

This makes a lot of sense, given that CREATE USER and CREATE ROLE both exist; CREATE USER is effectively CREATE ROLE WITH LOGIN.

¯\_(ツ)_/¯ - TIL; read the docs
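An added example, not part of the original post: a psql script that checks both points above, namely whether a brand-new role can create tables in schema public, and how CREATE USER differs from CREATE ROLE. Before PostgreSQL 15 the public schema granted CREATE to the PUBLIC pseudo-role by default; the role names demo_user and demo_role are hypothetical, and the script assumes a superuser session in a scratch database.

```sql
-- Added example. demo_user / demo_role are hypothetical names.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

-- CREATE USER is CREATE ROLE with LOGIN turned on by default.
CREATE USER demo_user;
CREATE ROLE demo_role;

SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolname IN ('demo_user', 'demo_role')
ORDER BY rolname;
-- demo_role has rolcanlogin = false, demo_user has rolcanlogin = true

-- First argument 'public' is the PUBLIC pseudo-role (every role);
-- second argument 'public' is the schema name.
SELECT has_schema_privilege('public',    'public', 'CREATE') AS public_can_create,
       has_schema_privilege('demo_user', 'public', 'CREATE') AS new_user_can_create;

-- Audit: objects in schema public owned by someone other than the
-- schema owner, i.e. things other roles have already created there.
SELECT c.relname, c.relkind, r.rolname AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles r     ON r.oid = c.relowner
WHERE n.nspname = 'public'
  AND c.relowner <> n.nspowner
ORDER BY r.rolname, c.relname;

-- Hardening: stop arbitrary roles from creating objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The new role no longer inherits CREATE through PUBLIC.
SELECT has_schema_privilege('demo_user', 'public', 'CREATE') AS new_user_can_create;

-- Undo the demo roles and the REVOKE; use COMMIT instead to keep the REVOKE.
ROLLBACK;
```

The REVOKE applies only to the database it is run in; new databases copy their public schema privileges from template1.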