| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Bruce Momjian <bruce(at)momjian(dot)us>, Joel Jacobson <joel(at)compiler(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, Maciek Sakrejda <m(dot)sakrejda(at)gmail(dot)com> |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-03-20 19:14:47 |
| Message-ID: | CA+TgmoZMkt8jLe4Owgk_1BaFfLSkP3cZpPPMGdBT+DFKKvMUEg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 20, 2024 at 3:11 PM Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> I would argue that having the default permissions not allow postgres to edit it's own config files *except* for postgresql.auto.conf would be a better default than what we have now, but that's completely independent of the patch being discussed on this thread. (And FWIW also already solved on debian-based platforms for example, which but the main config files in /etc with postgres only having read permissions on them - and having the *packagers* adapt such things for their platforms in general seems like a better place).
I don't think that I agree that it's categorically better, but it
might be better for some people or in some circumstances. I very much
do agree that it's a packaging question rather than our job to sort
out.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2024-03-20 19:16:52 | Re: Possibility to disable `ALTER SYSTEM` |
| Previous Message | Magnus Hagander | 2024-03-20 19:11:32 | Re: Possibility to disable `ALTER SYSTEM` |