| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Martín Marqués <martin(dot)marques(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2024-02-06 14:10:27 |
| Message-ID: | e1198838-8b42-4d62-801c-c4bfb3eb6532@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 31.01.24 11:16, Gabriele Bartolini wrote:
> I very much like the idea of a file in the data directory that also
> controls the copy operations.
>
> Just wanted to highlight though that in our operator we have already
> applied the read-only postgresql.auto.conf trick to disable the system
> (see
> https://cloudnative-pg.io/documentation/current/postgresql_conf/#enabling-alter-system <https://cloudnative-pg.io/documentation/current/postgresql_conf/#enabling-alter-system>). However, having that file read-only triggered an issue when using pg_rewind to resync a former primary, as pg_rewind immediately bails out when a read-only file is encountered in the PGDATA (see https://github.com/cloudnative-pg/cloudnative-pg/issues/3698 <https://github.com/cloudnative-pg/cloudnative-pg/issues/3698>).
>
> We might keep this in mind if we go down the path of the separate file.
How about ALTER SYSTEM is disabled if the file
postgresql.auto.conf.disabled exists? This is somewhat similar to making
the file read-only, but doesn't risk other tools breaking when they
encounter such a file. And it's more obvious and self-explaining.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2024-02-06 14:38:06 | Re: Possibility to disable `ALTER SYSTEM` |
| Previous Message | Mats Kindahl | 2024-02-06 14:06:26 | glibc qsort() vulnerability |