Re: Problem with reloading groups in pg_hba.conf

Peter Eisentraut wrote:
> Bruce Momjian writes:
>
> > I don't know. Automatically modifying a manually maintained config file
> > isn't too common a feature. One problem would be if you where modifying
> > the file in your editor and the backend rewrote the file.
>
> That's not different from you modifying the file in your editor and
> someone else doing the same thing at the same time. Yes, the concurrency
> issues are not trivial, but they can be solved.

Well, hopefully there is only one administrator at a time modifying
pg_hba.conf. Random user/group mods by any superuser seems like a much
more frequent occurance. Another thing is that people duing
database-level user/group changes may not even know they are modifying
pg_hba.conf.

> > I think groups will give use the ability to add/remove connection from
> > within the database. You just need to mention the group name in the
> > config file. My original idea was to automatically identify some group
> > name for each database but maybe that is too smart.
>
> Yes, that is perfectly fine. I just want an additional interface that
> allows you to "mention the group name in the config file" while connected
> to the database.

I understand. I think the only way to do this cleanly is to have a
per-database system group that can be created and modified inside the
database. We can even have an 'all' group to match pg_hba.conf's
database column 'all'. It is actually trivial to do this in the code
with my patch.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026