Quick Links

Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters

From:	Bruce Momjian <bruce(at)momjian(dot)us>
To:	Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Greg Stark <stark(at)mit(dot)edu>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Kapila <amit(dot)kapila(at)huawei(dot)com>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters
Date:	2013-08-05 21:39:59
Message-ID:	20130805213959.GM11189@momjian.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Mon, Aug 5, 2013 at 03:53:01PM -0400, Alvaro Herrera wrote:
> The other issue is that currently you can only edit a server's config if
> you are logged in to it. If we permit SQL-level access to that, and
> somebody who doesn't have access to edit the files blocks themselves
> out, there is no way for them to get a working system *at all*.

Well, if we want to give the administrator a way to disable honoring any
previously-defined ALTER SYSTEM SET commands, how would they do that
without OS access? By definition, they can't connect via SQL, so what
would the API be?

Also, even if they could do it remotely, if they previously set
listen_addresses via ALTER SYSTEM SET, and we then disable all ALTER
SYSTEM SET settings, they still can't access the system because by
default Postgres will only listen on local sockets.

In summary, the SQL interface to configuration parameters is a
convenience, but I don't think it is ever going to be something that can
replace full file system access --- that is not a limitation of the
implemention of ALTER SYSTEM SET, but just something that is impossible.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +

In response to

Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters at 2013-08-05 19:53:01 from Alvaro Herrera

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2013-08-05 21:58:13	Re: don't own lock of type?
Previous Message	Bruce Momjian	2013-08-05 21:29:48	Re: File-per-GUC WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review])