From 0510ffc8fd791773f8f283bf9250aabb5a0df864 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 16 Feb 2026 12:08:34 -0500
Subject: [PATCH 1/2] feat(db/postgreSQL): Use user-named schema instead of
 `public`

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 lib/private/Setup/PostgreSQL.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index 5ace7f6bcbee3..74a0fa538f326 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -67,16 +67,14 @@ public function setupDatabase(): void {
 
 			if ($this->tryCreateDbUser) {
 				if ($canCreateRoles) {
-					// Go to the main database and grant create on the public schema
-					// The code below is implemented to make installing possible with PostgreSQL version 15:
-					// https://www.postgresql.org/docs/release/15.0/
-					// From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases
-					// Therefore we assume that the database is only used by one user/service which is Nextcloud
-					// Additional services should get installed in a separate database in order to stay secure
-					// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
-					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"');
-					$connectionMainDatabase->close();
-				}
+				// Create user-named schema for PostgreSQL 15+ compatibility.
+				// PostgreSQL 15 removed default CREATE privileges on `public` schema.
+				// User-named schemas are automatically in `search_path` and owned by the user.
+				// This only affects new installations; existing installations continue using 'public' schema.
+				// See: https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH
+				// See: https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
+				$connectionMainDatabase->executeQuery('CREATE SCHEMA IF NOT EXISTS "' . addslashes($this->dbUser) . '" AUTHORIZATION "' . addslashes($this->dbUser) . '"');
+				$connectionMainDatabase->close();
 			}
 		} catch (\Exception $e) {
 			$this->logger->warning('Error trying to connect as "postgres", assuming database is setup and tables need to be created', [

From eb96d8e804d06581ff41cfd0041da947a00b3a02 Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Mon, 16 Feb 2026 12:23:30 -0500
Subject: [PATCH 2/2] chore: fixup PostgreSQL typo

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 lib/private/Setup/PostgreSQL.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index 74a0fa538f326..a270d77b7159d 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -75,6 +75,7 @@ public function setupDatabase(): void {
 				// See: https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
 				$connectionMainDatabase->executeQuery('CREATE SCHEMA IF NOT EXISTS "' . addslashes($this->dbUser) . '" AUTHORIZATION "' . addslashes($this->dbUser) . '"');
 				$connectionMainDatabase->close();
+				}
 			}
 		} catch (\Exception $e) {
 			$this->logger->warning('Error trying to connect as "postgres", assuming database is setup and tables need to be created', [