| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Martín Marqués <martin(dot)marques(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-01-31 05:28:37 |
| Message-ID: | 2400456.1706678917@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> On Tuesday, January 30, 2024, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> My larger point here is that trying to enforce restrictions on
>> superusers *within* Postgres is simply not a good plan, for
>> largely the same reasons that Robert questioned making the
>> GUC mechanism police itself. It needs to be done outside,
>> either at the filesystem level or via some other kernel-level
>> security system.
> The idea of adding a file to the data directory appeals to me.
>
> optional_runtime_features.conf
> alter_system=enabled
> copy_from_program=enabled
> copy_to_program=disabled
... so, exactly what keeps an uncooperative superuser from
overwriting that file?
You cannot enforce such restrictions within Postgres.
It has to be done by an outside mechanism. If you think
different, you are mistaken.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2024-01-31 05:39:54 | Re: Make COPY format extendable: Extract COPY TO format implementations |
| Previous Message | Hayato Kuroda (Fujitsu) | 2024-01-31 05:18:27 | RE: Improve eviction algorithm in ReorderBuffer |