From: | Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, Josh <josh(at)schemaverse(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: SET variable - Permission issues |
Date: | 2011-10-10 20:52:22 |
Message-ID: | CABwTF4UxATGUBaTC29UFgMXxrF=Rq6o+qD9i35PWEMzoWYgfaQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Oct 10, 2011 at 2:55 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Mon, Oct 10, 2011 at 2:38 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Any developer who can't think of six ways to DOS the server without
> > changing those settings should be fired on the spot for incompetence.
>
> No kidding. But the point is that if the developer down the hall
> maliciously destroys your database server, you can go through channels
> and get him reprimanded or fired. But if the developer down the hall
> is a new hire who doesn't know beans about PostgreSQL and tries
> setting work_mem to 10GB, well, oops, it was an accident. And then
> another developer gets hired three weeks later and does the same
> thing. And then three months later somebody does it again. After a
> while people no longer remember that in each case it was a developer
> to blame. What they remember is that the DBA let the server go down
> three times.
>
IOW, honest mistakes happen.
Would it be possible to make the SUSET/USERSET property of a GUC modifiable?
So a DBA can do
ALTER USER novice SET CONTEXT OF work_mem TO 'superuser';
Or, maybe
ALTER USER novice SET MAX_VAL OF work_mem TO '1 MB';
and extend it to say
ALTER USER novice SET MIN_VAL OF statement_timeout TO '1';
-- So that the user cannot turn off the timeout
ALTER DATABASE super_reliable SET ENUM_VALS OF synchronous_commit TO 'on';
-- So that the user cannot change the synchronicity of transactions against
this database.
Regards,
--
Gurjeet Singh
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2011-10-10 20:52:55 | Re: unite recovery.conf and postgresql.conf |
Previous Message | Kohei KaiGai | 2011-10-10 20:28:24 | Re: [v9.2] Fix Leaky View Problem |