Re: GUC --- prevent non-super user changes

Sorry, I forgot --- this should have gone only to patches.

---------------------------------------------------------------------------

Bruce Momjian wrote:
> Tom Lane wrote:
> > The recent change to make log_min_messages SUSET provokes the following
> > behavior:
> >
> > $ export PGOPTIONS="-d 5"
> > $ psql
> > psql: FATAL: 'log_min_messages': permission denied
> > $
> >
> > Considering that I *am* superuser, this is quite unacceptable.
> > If you don't want to revert the change, propose another solution.
>
> Here is a proposed fix for the new SUSET of various variables. The
> solution is to create a new GUC context called PGC_USERLIMIT, which
> limits changes by non-super users. For example, non-super users can
> turn on logging, but can't turn it off, and log_min_* logging can have
> added output, but not less output.
>
> The first part of the patch prevent client PGOPTIONS from lowering the
> debug level. The second part adds this new GUC context, then allows it
> to be set properly. The tests are in two parts --- the first prevents
> non-super users from changing the value inappropriately, and the second
> allows postgresql.conf changes to apply to existing backends, i.e. if
> postgresql.conf turns logging off via SET, turning it on via
> postgresql.conf should propogate to the client, because the client can't
> turn something off that the admin wants turned on --- that is the tricky
> part that we have to be able to handle the settings in any order.
>
> Peter, how does this look? Is reset_val the proper value to test?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073