From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
Subject: | Re: GUC --- prevent non-super user changes |
Date: | 2003-06-11 05:05:35 |
Message-ID: | 200306110505.h5B55Z817226@candle.pha.pa.us |
Lists: | pgsql-hackers pgsql-patches |
Sorry, I forgot --- this should have gone only to patches.
---------------------------------------------------------------------------
Bruce Momjian wrote:
> Tom Lane wrote:
> > The recent change to make log_min_messages SUSET provokes the following
> > behavior:
> >
> > $ export PGOPTIONS="-d 5"
> > $ psql
> > psql: FATAL: 'log_min_messages': permission denied
> > $
> >
> > Considering that I *am* superuser, this is quite unacceptable.
> > If you don't want to revert the change, propose another solution.
>
> Here is a proposed fix for the new SUSET of various variables. The
> solution is to create a new GUC context called PGC_USERLIMIT, which
> limits changes by non-super users. For example, non-super users can
> turn on logging, but can't turn it off, and log_min_* logging can have
> added output, but not less output.
>
> The first part of the patch prevents client PGOPTIONS from lowering the
> debug level. The second part adds this new GUC context, then allows it
> to be set properly. The tests are in two parts --- the first prevents
> non-super users from changing the value inappropriately, and the second
> allows postgresql.conf changes to apply to existing backends, i.e. if
> postgresql.conf turns logging off via SET, turning it on via
> postgresql.conf should propagate to the client, because the client can't
> turn something off that the admin wants turned on --- that is the tricky
> part that we have to be able to handle the settings in any order.
>
> Peter, how does this look? Is reset_val the proper value to test?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
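
The rule described in the message above (non-superusers may add logging output but not reduce it, and a later postgresql.conf change must still reach an existing backend whatever order the settings arrived in), as an added example that is not the patch and not PostgreSQL source. Assumptions: values are modelled as integer verbosity ranks (0 = off), the check compares against the configuration-file value (the role the mail gives to reset_val), and all type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the USERLIMIT rule; not PostgreSQL source code.
 * Values are verbosity ranks: 0 = logging off, larger = more log output. */
typedef struct {
    int  admin_val;     /* postgresql.conf value (assumed to be what reset_val holds) */
    int  session_val;   /* value in effect in this backend */
    bool overridden;    /* the session has issued its own SET */
    bool by_superuser;  /* that SET came from a superuser */
} userlimit_setting;

static userlimit_setting setting_init(int admin_val)
{
    userlimit_setting s = { admin_val, admin_val, false, false };
    return s;
}

/* Session-level SET. A non-superuser may only ask for at least as much
 * output as the administrator configured; a superuser is never limited. */
static bool session_set(userlimit_setting *s, int newval, bool is_superuser)
{
    if (!is_superuser && newval < s->admin_val)
        return false;                   /* reported as "permission denied" */
    s->session_val  = newval;
    s->overridden   = true;
    s->by_superuser = is_superuser;
    return true;
}

/* postgresql.conf reload reaching an existing backend. The session keeps
 * its own value unless a non-superuser's value is now below the new floor. */
static void config_reload(userlimit_setting *s, int new_admin_val)
{
    s->admin_val = new_admin_val;
    if (!s->overridden || (!s->by_superuser && s->session_val < new_admin_val))
        s->session_val = new_admin_val;
}

/* Constructed scenario: a user SETs "off" while the admin value is "off",
 * then the admin turns logging on. Returns the value the backend ends with. */
static int user_off_then_admin_on(void)
{
    userlimit_setting s = setting_init(0);
    session_set(&s, 0, false);
    config_reload(&s, 1);
    return s.session_val;
}

int main(void)
{
    printf("%d\n", user_off_then_admin_on());
    return 0;
}
```
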