| From: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
|---|---|
| To: | Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2023-09-08 14:11:30 |
| Message-ID: | CAMsGm5dqA64nQPk1y+GchhC+PZ22LaeXBA3PeEmb94zdBx_=2g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 8 Sept 2023 at 10:03, Gabriele Bartolini <
gabriele(dot)bartolini(at)enterprisedb(dot)com> wrote:
> ALTER SYSTEM is already heavily restricted.
>
>
> Could you please help me better understand what you mean here?
>
>
>> I don't think we need random kluges added to the permissions system.
>
>
> If you allow me, why do you think disabling ALTER SYSTEM altogether is a
> random kluge? Again, I'd like to better understand this position. I've
> personally been in many conversations on the security side of things for
> Postgres in Kubernetes environments, and this is a frequent concern by
> users who request that changes to the Postgres system (not a database)
> should only be done declaratively and prevented from within the system.
>
Alternate idea, not sure how good this is: Use existing OS security
features (regular permissions, or more modern features such as the
immutable attribute) to mark the postgresql.auto.conf file as not being
writeable. Then any attempt to ALTER SYSTEM should result in an error.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gabriele Bartolini | 2023-09-08 14:17:04 | Re: Possibility to disable `ALTER SYSTEM` |
| Previous Message | Dmitry Dolgov | 2023-09-08 13:45:27 | Re: [RFC] Add jit deform_counter |