| From: | Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com> |
|---|---|
| To: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2023-09-08 14:17:04 |
| Message-ID: | CA+VUV5qEWF3nSqnKSJ2Z2B+jH2jLbz-+navHTp1keG8Dx6ZfLQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Isaac,
On Fri, 8 Sept 2023 at 16:11, Isaac Morland <isaac(dot)morland(at)gmail(dot)com> wrote:
> Alternate idea, not sure how good this is: Use existing OS security
> features (regular permissions, or more modern features such as the
> immutable attribute) to mark the postgresql.auto.conf file as not being
> writeable. Then any attempt to ALTER SYSTEM should result in an error.
>
That is the point I highlighted in the initial post in the thread. We could
make it readonly, but the returned error is misleading and definitely poor
UX:
```
postgres=# ALTER SYSTEM SET wal_level TO minimal;
ERROR: could not open file "postgresql.auto.conf": Permission denied
```
IMO we should clearly state that `ALTER SYSTEM` is deliberately disabled in
a system, rather than indirectly hinting it through an inaccessible file.
Not sure if I am clearly highlighting the fine difference here.
Thanks,
Gabriele
--
Gabriele Bartolini
Vice President, Cloud Native at EDB
enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jean-Christophe Arnu | 2023-09-08 14:41:42 | FDW pushdown of non-collated functions |
| Previous Message | Isaac Morland | 2023-09-08 14:11:30 | Re: Possibility to disable `ALTER SYSTEM` |