| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, x4mmm(at)yandex-team(dot)ru, efimkin(at)yandex-team(dot)ru, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Connection limit doesn't work for superuser |
| Date: | 2018-11-08 23:56:26 |
| Message-ID: | CAKFQuwajjwCZCWiTRiZhySSdDb+SakoKK7HHv7NxH=8H+cS+3Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Nov 7, 2018 at 11:14 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> If people are okay with having rolconnlimit act
> differently from datconnlimit in this respect, then I'll withdraw
> my objection.
Since the rolconnlimit specifically and precisely targets the
superuser in a narrow manner it makes sense on its face to recognize
it. That the indirect targeting of all superusers via datconnlimit is
ignored is likewise a reasonable decision. Ignoring datconnlimit
doesn't reduce the validity of having the rolconnlimit setting be
enforced and I do not see a substantial argument for why doing so
could be harmful to a reasonably skilled operator; while it provides a
reasonable, if likely seldom used, capability that is already long
established for non-superusers.
For me the burden falls onto why rolconnlimit should not be
enforced...regardless of the fact that unenforced is status quo. We
generally tend toward giving superusers abilities and letting them
decide how to use them and this should be no different.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2018-11-09 00:58:51 | Re: Connection slots reserved for replication |
| Previous Message | Tom Lane | 2018-11-08 23:27:15 | Re: [HACKERS] Surjective functional indexes |