| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Martín Marqués <martin(dot)marques(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-01-31 07:43:14 |
| Message-ID: | 72006af4-fad4-4398-81d2-cef0fdd783f0@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 31.01.24 06:28, Tom Lane wrote:
>> The idea of adding a file to the data directory appeals to me.
>>
>> optional_runtime_features.conf
>> alter_system=enabled
>> copy_from_program=enabled
>> copy_to_program=disabled
> ... so, exactly what keeps an uncooperative superuser from
> overwriting that file?
The point of this feature would be to keep the honest people honest.
The first thing I did when ALTER SYSTEM came out however many years ago
was to install Nagios checks to warn when postgresql.auto.conf exists.
Because the thing is an attractive nuisance, especially when you want to
do centralized configuration control. Of course you can bypass it using
COPY PROGRAM etc., but then you *know* that you are *bypassing*
something. If you just see ALTER SYSTEM, you'll think, "that is
obviously the appropriate tool", and there is no generally accepted way
to communicate that, in particular environment, it might not be.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2024-01-31 07:59:26 | Re: table inheritance versus column compression and storage settings |
| Previous Message | Zhijie Hou (Fujitsu) | 2024-01-31 07:23:19 | RE: Synchronizing slots from primary to standby |