Postgres 15 upgrades and template1 public schema

Bruno Wolff III schrieb am 19.10.2022 um 22:36:

I noticed when I did an upgrade from Postgres 14 to 15 that the
public schema in template1 was still owned by postgres instead of
pg_database_owner. I was expecting it to change because the release
notes said that new database clusters would have that. But shouldn't
new clusters use what is set in template1?

This is explained in the release notes:

The change applies to new database clusters and to newly-created
databases in existing clusters.
Upgrading a cluster or restoring a database dump will preserve
public's existing permissions.

On Wed, Oct 19, 2022 at 23:30:58 +0200,
Thomas Kellerer <shammat@gmx.net> wrote:

Bruno Wolff III schrieb am 19.10.2022 um 22:36:

I noticed when I did an upgrade from Postgres 14 to 15 that the
public schema in template1 was still owned by postgres instead of
pg_database_owner. I was expecting it to change because the release
notes said that new database clusters would have that. But shouldn't
new clusters use what is set in template1?

This is explained in the release notes:

The change applies to new database clusters and to newly-created
databases in existing clusters.
Upgrading a cluster or restoring a database dump will preserve
public's existing permissions.

How do new databases in pre-existing clusters get the new public schema
security if it doesn't come from template1?

Bruno Wolff III <bruno@wolff.to> writes:

On Wed, Oct 19, 2022 at 23:30:58 +0200,
Thomas Kellerer <shammat@gmx.net> wrote:

This is explained in the release notes:

The change applies to new database clusters and to newly-created
databases in existing clusters.
Upgrading a cluster or restoring a database dump will preserve
public's existing permissions.

How do new databases in pre-existing clusters get the new public schema
security if it doesn't come from template1?

The release notes could probably use some tweaking here. It looks to
me like pg_dumpall (and hence pg_upgrade) will adjust the ownership and
permissions of template1's public schema to match what was in the old
installation, but it doesn't touch template0. Hence, whether a
"newly-created database in an existing cluster" has the old or new
properties of the public schema will depend on whether you clone it
from template1 or template0. That definitely needs explained, and
maybe we should recommend that DBAs consider manually changing
what's in template1.

regards, tom lane

On Wed, Oct 19, 2022 at 19:59:52 -0400,
Tom Lane <tgl@sss.pgh.pa.us> wrote:

The release notes could probably use some tweaking here. It looks to
me like pg_dumpall (and hence pg_upgrade) will adjust the ownership and
permissions of template1's public schema to match what was in the old
installation, but it doesn't touch template0. Hence, whether a
"newly-created database in an existing cluster" has the old or new
properties of the public schema will depend on whether you clone it
from template1 or template0. That definitely needs explained, and
maybe we should recommend that DBAs consider manually changing
what's in template1.

This answers my question about what is actually happening.

I think expanding the release notes section on this a bit could be
helpful for other people.

On Wed, Oct 19, 2022 at 19:59:52 -0400,
Tom Lane <tgl@sss.pgh.pa.us> wrote:

The release notes could probably use some tweaking here. It looks to
me like pg_dumpall (and hence pg_upgrade) will adjust the ownership and
permissions of template1's public schema to match what was in the old
installation, but it doesn't touch template0. Hence, whether a
"newly-created database in an existing cluster" has the old or new
properties of the public schema will depend on whether you clone it
from template1 or template0. That definitely needs explained, and
maybe we should recommend that DBAs consider manually changing
what's in template1.

I didn't see any changes related to this in the first draft of the 15.1
release notes. Since I got the impression from the above that there
might be a change, I'm sending this as a reminder.