Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Greg Stark <stark(at)mit(dot)edu>, Andres Freund <andres(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Kapila <amit(dot)kapila(at)huawei(dot)com>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET
Date: 2013-08-05 18:21:57
Message-ID: 51FFED45.2010303@agliodbs.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 08/05/2013 11:14 AM, Stefan Kaltenbrunner wrote:
> * in a few years from now people will just use superuser over the
> network for almost all stuff "because its easy and I can click around in
> $gui", having potential "unsafe" operations available over the network
> will in turn cause a lot of actual downtime (in a lot of cases the
> reason why people want remote management is because the don't have
> physical/shell access - so if they break stuff they cannot fix)

See thread "Disabling ALTER SYSTEM SET".

> * for classic IaaS/SaaS/DBaaS the ALTER SYSTEM seems to be mostly
> useless in the current form - because most of them will not or cannot
> hand out flat out superuser (like if you run a managed service you might
> want customers to be able to tweak some stuff but say not
> archive/pitr/replication stuff because the responsibility for backups is
> with the hosting company)

100% in agreement. If someone thought we were serving DBAAS with this,
they haven't paid attention to the patch.

However, there are other places where ALTER SYSTEM SET will be valuable.
For example, for anyone who wants to implement an autotuning utility.
For example, I'm writing a network utility which checks bgwriter stats
and tries adjusting settings over the network to improve checkpoint
issues. Not having to SSH configuration files into place (and make sure
they're not overridden by other configuration files) would make writing
that script a *lot* easier. Same thing with automated performance testing.

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Fujii Masao 2013-08-05 18:24:58 Should we remove "not fast" promotion at all?
Previous Message Stefan Kaltenbrunner 2013-08-05 18:20:19 Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET