| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Andrus <kobruleht2(at)hot(dot)ee> |
| Cc: | pgadmin-support(at)postgresql(dot)org |
| Subject: | Re: Editing config files which are not in database directory |
| Date: | 2009-10-01 09:16:04 |
| Message-ID: | 937d27e10910010216m5e63ffa1oe85d4d7f0d6f14c8@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
On Thu, Oct 1, 2009 at 10:02 AM, Andrus <kobruleht2(at)hot(dot)ee> wrote:
>> Unless you're running pgAdmin directly on the server, you can't I'm
>
> afraid. This is a security restriction in the adminpack contrib module
> in PostgreSQL itself.
>
> postgresql superuser has access to those files. So this is is a bug:
> implementation restricts access granted by Linux file system.
Feel free to try to convince the PostgreSQL committers of that. I've
long since given up.
> Also in this case pgAdmin should *not* open bogus files for editing.
pgAdmin doesn't know what it's opening until it looks at it - and as a
one-line config file with a single include directive or comment is
technically valid, and we intentionally don't hard-code the allowable
directives into pgAdmin (consider user defined GUCs for add-on
modules), it's not completely straightforward to work out if a file is
what you would call valid or not.
> Btw. Using file functions is a joke. Probably for this reason they are not
> added to postgresql core.
>
> Can we create long-waited patch to postgres to allow read log, postgres and
> pg_hba files directly, without using file system and
> writing postgres and pg_hba files directly.
>
> Long time ago I posted the idea of creating system table pg_conf
It's not that simple because the system needs to be configured before
the server is brought up, and the config file needs to be readable by
the postmaster before it gets anywhere close to being able to access
the database.
> Then for reading we can use
>
> SELECT postgresql, pg_hba
> FROM pg_conf
>
> and for writing
>
> UPDATE pg_conf SET pg_hba= '... new value '
>
> Then postgresql can translate those requests to file system calls itself.
Also not that simple. This has been discussed at length in
pgsql-hackers. How do you deal with comments in the config file? What
about overriding config directives? What about situations where the
distribution breaks the config into multiple files to avoid
complications with upgrades?
There's a *lot* that would have to be done to implement such a system,
and much as I'd like to have these features, it's not something for
this forum to figure out.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrus | 2009-10-01 10:06:07 | Re: Editing config files which are not in database directory |
| Previous Message | Andrus | 2009-10-01 09:02:20 | Re: Editing config files which are not in database directory |