From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: ALTER SYSTEM vs symlink |
Date: | 2015-11-02 15:14:17 |
Message-ID: | 25169.1446477257@sss.pgh.pa.us |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Andres Freund (andres(at)anarazel(dot)de) wrote:
>> You can just revoke permissions on the file if necessary. Results in the
>> expected
>> ERROR: XX000: could not open file "../postgresql.auto.conf": Permission denied

> Yes, I know, but that's a really grotty way of offering a way to disable
> ALTER SYSTEM. It's also not exactly intuitive to someone reading the
> release notes or working on upgrading their existing postgresql.conf.

While I won't stand in the way if someone is dead set on providing a
disable switch for ALTER SYSTEM, I fail to see the point of one. It's
a superuser-only feature to begin with, and if you are handing out
superuser on production-critical installations to people you don't trust
completely, you need to have your head examined.

As a directly comparable example, I note that you yourself were in favor
of getting rid of rolcatupdate, which was the only mechanism we ever had
that could prevent a superuser from destroying the catalogs entirely
with a mistyped update --- consider "DELETE FROM pg_proc", for example,
which unlike ALTER SYSTEM there is simply no way to recover from.

How is it that we don't need rolcatupdate but we do need a way to shut
off ALTER SYSTEM? Doesn't compute, IMO.

regards, tom lane
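The workaround Andres refers to above, revoking write permission on postgresql.auto.conf so that ALTER SYSTEM fails with "Permission denied", is easy to apply and just as easy to lose track of. The following is an added example, not code from the thread or from PostgreSQL: a POSIX shell check that reports whether the file's write bits have actually been revoked, run against a constructed stand-in for the data directory. The function names and the temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or from PostgreSQL): detect whether
# the file-permission workaround for disabling ALTER SYSTEM is in place,
# i.e. whether postgresql.auto.conf has no write bit set.
# Assumes a POSIX shell with ls, cut, chmod and mktemp.

# Return 0 when no write bit is set for owner, group or other on $1, else 1.
auto_conf_locked() {
    f="$1"
    [ -f "$f" ] || return 1
    # Permission string such as "rw-r--r--" (columns 2-10 of ls -ld output).
    perms=$(ls -ld "$f" | cut -c2-10)
    case "$perms" in
        *w*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Print a one-word state for use in an operator's check script.
report_auto_conf() {
    if auto_conf_locked "$1"; then
        echo "locked"
    else
        echo "writable"
    fi
}

# Walk through the workaround on a constructed stand-in for $PGDATA.
demo() {
    pgdata=$(mktemp -d)   # constructed; stands in for the real data directory
    conf="$pgdata/postgresql.auto.conf"
    printf '# constructed stand-in for postgresql.auto.conf\n' > "$conf"
    chmod 644 "$conf"
    echo "before revoking write permission: $(report_auto_conf "$conf")"
    chmod 444 "$conf"     # revoke write permission, as described in the thread
    echo "after revoking write permission:  $(report_auto_conf "$conf")"
    # An unprivileged server process now gets "Permission denied" on write.
    # Caveat: a server running as root ignores mode bits, so this check
    # says nothing useful in that (already unsupported) configuration.
    rm -rf "$pgdata"
}

demo
```

The check reads mode bits rather than attempting a write, so it gives the same answer whether it is run as the server owner or as an administrator with broader rights; it only tells you whether the workaround is present, not whether the server process could bypass it.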