Index: doc/src/sgml/runtime.sgml =================================================================== RCS file: /cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v retrieving revision 1.190 diff -c -c -r1.190 runtime.sgml *** doc/src/sgml/runtime.sgml 4 Jul 2003 16:41:21 -0000 1.190 --- doc/src/sgml/runtime.sgml 9 Jul 2003 06:30:03 -0000 *************** *** 1541,1546 **** --- 1541,1547 ---- to the log. The default is NOTICE. Note that LOG has a different rank here than in CLIENT_MIN_MESSAGES. + Only superusers can increase this option. *************** *** 1576,1581 **** --- 1577,1583 ---- SQL statements causing errors, fatal errors, or panics will be logged. Enabling this option can be helpful in tracking down the source of any errors that appear in the server log. + Only superusers can increase this option. *************** *** 1593,1598 **** --- 1595,1602 ---- than 250ms will be logged. Enabling this option can be useful in tracking down unoptimized queries in your applications. + Only superusers can increase this option if it is set to + non-zero by the administrator. *************** *** 1743,1748 **** --- 1747,1754 ---- To use this option, enable LOG_STATEMENT and LOG_PID so you can link the statement to the duration using the process ID. + Only superusers can turn off this option if it is enabled by + the administrator. *************** *** 1765,1770 **** --- 1771,1778 ---- Causes each SQL statement to be logged. + Only superusers can turn off this option if it is enabled by + the administrator. *************** *** 1826,1831 **** --- 1834,1841 ---- For each query, write performance statistics of the respective module to the server log. This is a crude profiling instrument. + Only superusers can turn off this option if it is enabled by + the administrator. Index: src/backend/tcop/postgres.c =================================================================== RCS file: /cvsroot/pgsql-server/src/backend/tcop/postgres.c,v retrieving revision 1.349 diff -c -c -r1.349 postgres.c *** src/backend/tcop/postgres.c 4 Jul 2003 16:41:21 -0000 1.349 --- src/backend/tcop/postgres.c 9 Jul 2003 06:30:08 -0000 *************** *** 1943,1949 **** bool secure; int errs = 0; int debug_flag = 0; ! GucContext ctx; GucSource gucsource; char *tmp; int firstchar; --- 1943,1949 ---- bool secure; int errs = 0; int debug_flag = 0; ! GucContext ctx, debug_context; GucSource gucsource; char *tmp; int firstchar; *************** *** 2018,2024 **** /* all options are allowed until '-p' */ secure = true; ! ctx = PGC_POSTMASTER; gucsource = PGC_S_ARGV; /* initial switches came from command line */ while ((flag = getopt(argc, argv, "A:B:c:CD:d:Eef:FiNOPo:p:S:st:v:W:x:-:")) != -1) --- 2018,2024 ---- /* all options are allowed until '-p' */ secure = true; ! ctx = debug_context = PGC_POSTMASTER; gucsource = PGC_S_ARGV; /* initial switches came from command line */ while ((flag = getopt(argc, argv, "A:B:c:CD:d:Eef:FiNOPo:p:S:st:v:W:x:-:")) != -1) *************** *** 2055,2079 **** case 'd': /* debug level */ { ! debug_flag = atoi(optarg); ! /* Set server debugging level. */ ! if (atoi(optarg) != 0) { ! char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1); ! ! sprintf(debugstr, "debug%s", optarg); ! SetConfigOption("log_min_messages", debugstr, ctx, gucsource); ! pfree(debugstr); ! } - else - /* - * -d0 allows user to prevent postmaster debug - * from propagating to backend. It would be nice - * to set it to the postgresql.conf value here. - */ - SetConfigOption("log_min_messages", "notice", - ctx, gucsource); } break; --- 2055,2088 ---- case 'd': /* debug level */ { ! /* ! * Client option can't decrease debug level. ! * We have to do the test here because we group priv and client ! * set GUC calls below, after we know the final debug value. ! */ ! if (ctx != PGC_BACKEND || atoi(optarg) > debug_flag) { ! debug_flag = atoi(optarg); ! debug_context = ctx; /* save context for use below */ ! /* Set server debugging level. */ ! if (debug_flag != 0) ! { ! char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1); ! ! sprintf(debugstr, "debug%s", optarg); ! SetConfigOption("log_min_messages", debugstr, ctx, gucsource); ! pfree(debugstr); ! ! } ! else ! /* ! * -d0 allows user to prevent postmaster debug ! * from propagating to backend. It would be nice ! * to set it to the postgresql.conf value here. ! */ ! SetConfigOption("log_min_messages", "notice", ! ctx, gucsource); } } break; *************** *** 2323,2342 **** /* ! * -d is not the same as setting ! * log_min_messages because it enables other ! * output options. */ if (debug_flag >= 1) ! SetConfigOption("log_connections", "true", ctx, gucsource); if (debug_flag >= 2) ! SetConfigOption("log_statement", "true", ctx, gucsource); if (debug_flag >= 3) ! SetConfigOption("debug_print_parse", "true", ctx, gucsource); if (debug_flag >= 4) ! SetConfigOption("debug_print_plan", "true", ctx, gucsource); if (debug_flag >= 5) ! SetConfigOption("debug_print_rewritten", "true", ctx, gucsource); /* * Process any additional GUC variable settings passed in startup packet. --- 2332,2350 ---- /* ! * -d is not the same as setting log_min_messages because it enables ! * other output options. */ if (debug_flag >= 1) ! SetConfigOption("log_connections", "true", debug_context, gucsource); if (debug_flag >= 2) ! SetConfigOption("log_statement", "true", debug_context, gucsource); if (debug_flag >= 3) ! SetConfigOption("debug_print_parse", "true", debug_context, gucsource); if (debug_flag >= 4) ! SetConfigOption("debug_print_plan", "true", debug_context, gucsource); if (debug_flag >= 5) ! SetConfigOption("debug_print_rewritten", "true", debug_context, gucsource); /* * Process any additional GUC variable settings passed in startup packet. Index: src/backend/utils/misc/guc.c =================================================================== RCS file: /cvsroot/pgsql-server/src/backend/utils/misc/guc.c,v retrieving revision 1.134 diff -c -c -r1.134 guc.c *** src/backend/utils/misc/guc.c 4 Jul 2003 16:41:21 -0000 1.134 --- src/backend/utils/misc/guc.c 9 Jul 2003 06:30:15 -0000 *************** *** 449,455 **** false, NULL, NULL }, { ! {"log_statement", PGC_SUSET, LOGGING_WHAT, gettext_noop("Causes each SQL statement to be logged"), NULL }, --- 449,455 ---- false, NULL, NULL }, { ! {"log_statement", PGC_USERLIMIT, LOGGING_WHAT, gettext_noop("Causes each SQL statement to be logged"), NULL }, *************** *** 457,463 **** false, NULL, NULL }, { ! {"log_duration", PGC_SUSET, LOGGING_WHAT, gettext_noop("Duration of every completed statement is logged"), NULL }, --- 457,463 ---- false, NULL, NULL }, { ! {"log_duration", PGC_USERLIMIT, LOGGING_WHAT, gettext_noop("Duration of every completed statement is logged"), NULL }, *************** *** 497,503 **** false, NULL, NULL }, { ! {"log_parser_stats", PGC_SUSET, STATS_MONITORING, gettext_noop("Write parser performance stats to server log"), NULL }, --- 497,503 ---- false, NULL, NULL }, { ! {"log_parser_stats", PGC_USERLIMIT, STATS_MONITORING, gettext_noop("Write parser performance stats to server log"), NULL }, *************** *** 505,511 **** false, NULL, NULL }, { ! {"log_planner_stats", PGC_SUSET, STATS_MONITORING, gettext_noop("Write planner performance stats to server log"), NULL }, --- 505,511 ---- false, NULL, NULL }, { ! {"log_planner_stats", PGC_USERLIMIT, STATS_MONITORING, gettext_noop("Write planner performance stats to server log"), NULL }, *************** *** 513,519 **** false, NULL, NULL }, { ! {"log_executor_stats", PGC_SUSET, STATS_MONITORING, gettext_noop("Write executor performance stats to server log"), NULL }, --- 513,519 ---- false, NULL, NULL }, { ! {"log_executor_stats", PGC_USERLIMIT, STATS_MONITORING, gettext_noop("Write executor performance stats to server log"), NULL }, *************** *** 521,527 **** false, NULL, NULL }, { ! {"log_statement_stats", PGC_SUSET, STATS_MONITORING, gettext_noop("Write statement performance stats to server log"), NULL }, --- 521,527 ---- false, NULL, NULL }, { ! {"log_statement_stats", PGC_USERLIMIT, STATS_MONITORING, gettext_noop("Write statement performance stats to server log"), NULL }, *************** *** 1107,1113 **** }, { ! {"log_min_duration_statement", PGC_SUSET, LOGGING_WHEN, gettext_noop("Min execution time (msec) above which statements will " "be logged"), gettext_noop("The default is 0 (turning this feature off).") --- 1107,1113 ---- }, { ! {"log_min_duration_statement", PGC_USERLIMIT, LOGGING_WHEN, gettext_noop("Min execution time (msec) above which statements will " "be logged"), gettext_noop("The default is 0 (turning this feature off).") *************** *** 1228,1234 **** }, { ! {"log_min_messages", PGC_SUSET, LOGGING_WHEN, gettext_noop("Controls which message levels logged"), gettext_noop("Valid values are DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, " "INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each level " --- 1228,1234 ---- }, { ! {"log_min_messages", PGC_USERLIMIT, LOGGING_WHEN, gettext_noop("Controls which message levels logged"), gettext_noop("Valid values are DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, " "INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each level " *************** *** 1248,1254 **** }, { ! {"log_min_error_statement", PGC_SUSET, LOGGING_WHEN, gettext_noop("Controls whether the erroneous statement is logged"), gettext_noop("All SQL statements that cause an error of the " "specified level, or a higher level, are logged") --- 1248,1254 ---- }, { ! {"log_min_error_statement", PGC_USERLIMIT, LOGGING_WHEN, gettext_noop("Controls whether the erroneous statement is logged"), gettext_noop("All SQL statements that cause an error of the " "specified level, or a higher level, are logged") *************** *** 1714,1719 **** --- 1714,1722 ---- Assert(conf->reset_val >= conf->min); Assert(conf->reset_val <= conf->max); + /* Check to make sure we only have valid PGC_USERLIMITs */ + Assert(conf->gen.context != PGC_USERLIMIT || + strcmp(conf->gen.name, "log_min_duration_statement") == 0); if (conf->assign_hook) if (!(*conf->assign_hook) (conf->reset_val, true, false)) fprintf(stderr, "Failed to initialize %s to %d\n", *************** *** 1728,1733 **** --- 1731,1737 ---- Assert(conf->reset_val >= conf->min); Assert(conf->reset_val <= conf->max); + Assert(conf->gen.context != PGC_USERLIMIT); if (conf->assign_hook) if (!(*conf->assign_hook) (conf->reset_val, true, false)) fprintf(stderr, "Failed to initialize %s to %g\n", *************** *** 1741,1746 **** --- 1745,1755 ---- struct config_string *conf = (struct config_string *) gconf; char *str; + /* Check to make sure we only have valid PGC_USERLIMITs */ + Assert(conf->gen.context != PGC_USERLIMIT || + conf->assign_hook == assign_log_min_messages || + conf->assign_hook == assign_client_min_messages || + conf->assign_hook == assign_min_error_statement); *conf->variable = NULL; conf->reset_val = NULL; conf->session_val = NULL; *************** *** 1837,1843 **** struct config_generic *gconf = guc_variables[i]; /* Don't reset non-SET-able values */ ! if (gconf->context != PGC_SUSET && gconf->context != PGC_USERSET) continue; /* Don't reset if special exclusion from RESET ALL */ if (gconf->flags & GUC_NO_RESET_ALL) --- 1846,1854 ---- struct config_generic *gconf = guc_variables[i]; /* Don't reset non-SET-able values */ ! if (gconf->context != PGC_SUSET && ! gconf->context != PGC_USERLIMIT && ! gconf->context != PGC_USERSET) continue; /* Don't reset if special exclusion from RESET ALL */ if (gconf->flags & GUC_NO_RESET_ALL) *************** *** 2286,2291 **** --- 2297,2303 ---- int elevel; bool interactive; bool makeDefault; + bool DoIt_orig; if (context == PGC_SIGHUP || source == PGC_S_DEFAULT) elevel = DEBUG2; *************** *** 2371,2376 **** --- 2383,2389 ---- return false; } break; + case PGC_USERLIMIT: /* USERLIMIT permissions checked below */ case PGC_USERSET: /* always okay */ break; *************** *** 2393,2398 **** --- 2406,2412 ---- * to set the reset/session values even if we can't set the variable * itself. */ + DoIt_orig = DoIt; /* we might have to reverse this later */ if (record->source > source) { if (DoIt && !makeDefault) *************** *** 2422,2427 **** --- 2436,2459 ---- name); return false; } + /* Limit non-super user changes */ + if (record->context == PGC_USERLIMIT && + source > PGC_S_USERSTART && + newval < conf->session_val && + !superuser()) + { + elog(elevel, "'%s': permission denied\n" + "Only super-users can set this value to false.", + name); + return false; + } + /* Allow admin to override non-super user setting */ + if (record->context == PGC_USERLIMIT && + source < PGC_S_USERSTART && + record->session_source > PGC_S_USERSTART && + newval > conf->session_val && + !superuser()) + DoIt = DoIt_orig; } else { *************** *** 2493,2498 **** --- 2525,2549 ---- name, newval, conf->min, conf->max); return false; } + /* Limit non-super user changes */ + if (record->context == PGC_USERLIMIT && + source > PGC_S_USERSTART && + conf->session_val != 0 && + newval > conf->session_val && + !superuser()) + { + elog(elevel, "'%s': permission denied\n" + "Only super-users can increase this value.", + name); + return false; + } + /* Allow admin to override non-super user setting */ + if (record->context == PGC_USERLIMIT && + source < PGC_S_USERSTART && + record->session_source > PGC_S_USERSTART && + newval < conf->session_val && + !superuser()) + DoIt = DoIt_orig; } else { *************** *** 2564,2569 **** --- 2615,2638 ---- name, newval, conf->min, conf->max); return false; } + /* Limit non-super user changes */ + if (record->context == PGC_USERLIMIT && + source > PGC_S_USERSTART && + newval > conf->session_val && + !superuser()) + { + elog(elevel, "'%s': permission denied\n" + "Only super-users can increase this value.", + name); + return false; + } + /* Allow admin to override non-super user setting */ + if (record->context == PGC_USERLIMIT && + source < PGC_S_USERSTART && + record->session_source > PGC_S_USERSTART && + newval < conf->session_val && + !superuser()) + DoIt = DoIt_orig; } else { *************** *** 2628,2633 **** --- 2697,2728 ---- elog(elevel, "out of memory"); return false; } + + if (*conf->variable) + { + int old_int_value, new_int_value; + + /* Limit non-super user changes */ + assign_msglvl(&old_int_value, conf->reset_val, true, interactive); + assign_msglvl(&new_int_value, newval, true, interactive); + if (record->context == PGC_USERLIMIT && + source > PGC_S_USERSTART && + new_int_value > old_int_value && + !superuser()) + { + elog(elevel, "'%s': permission denied\n" + "Only super-users can increase this value.", + name); + return false; + } + /* Allow admin to override non-super user setting */ + if (record->context == PGC_USERLIMIT && + source < PGC_S_USERSTART && + record->session_source > PGC_S_USERSTART && + newval < conf->session_val && + !superuser()) + DoIt = DoIt_orig; + } } else if (conf->reset_val) { Index: src/include/utils/guc.h =================================================================== RCS file: /cvsroot/pgsql-server/src/include/utils/guc.h,v retrieving revision 1.32 diff -c -c -r1.32 guc.h *** src/include/utils/guc.h 11 Jun 2003 18:01:14 -0000 1.32 --- src/include/utils/guc.h 9 Jul 2003 06:30:15 -0000 *************** *** 48,53 **** --- 48,56 ---- * be set in the connection startup packet, because when it is processed * we don't yet know if the user is a superuser. * + * USERLIMIT options can only be manipulated in certain ways by + * non-super users. + * * USERSET options can be set by anyone any time. */ typedef enum *************** *** 57,62 **** --- 60,66 ---- PGC_SIGHUP, PGC_BACKEND, PGC_SUSET, + PGC_USERLIMIT, PGC_USERSET } GucContext; *************** *** 76,86 **** PGC_S_ENV_VAR = 1, /* postmaster environment variable */ PGC_S_FILE = 2, /* postgresql.conf */ PGC_S_ARGV = 3, /* postmaster command line */ ! PGC_S_DATABASE = 4, /* per-database setting */ ! PGC_S_USER = 5, /* per-user setting */ ! PGC_S_CLIENT = 6, /* from client connection request */ ! PGC_S_OVERRIDE = 7, /* special case to forcibly set default */ ! PGC_S_SESSION = 8 /* SET command */ } GucSource; --- 80,95 ---- PGC_S_ENV_VAR = 1, /* postmaster environment variable */ PGC_S_FILE = 2, /* postgresql.conf */ PGC_S_ARGV = 3, /* postmaster command line */ ! PGC_S_USERSTART=4, /* ! * Settings below are controlled by users. ! * This is used by PGC_USERLIMT to prevent ! * non-super users from changing certain settings. ! */ ! PGC_S_DATABASE = 5, /* per-database setting */ ! PGC_S_USER = 6, /* per-user setting */ ! PGC_S_CLIENT = 7, /* from client connection request */ ! PGC_S_OVERRIDE = 8, /* special case to forcibly set default */ ! PGC_S_SESSION = 9 /* SET command */ } GucSource;