Home > mailing lists

Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Possibility to disable `ALTER SYSTEM`
Date	September 7, 2023 23:27:14
Msg-id	1756006.1694118434@sss.pgh.pa.us Whole thread Raw
In response to	Possibility to disable `ALTER SYSTEM` (Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>)
Responses	Re: Possibility to disable `ALTER SYSTEM`
List	pgsql-hackers

Tree view

Gabriele Bartolini <gabriele.bartolini@enterprisedb.com> writes:
> I would like to propose a patch that allows administrators to disable
> `ALTER SYSTEM` via either a runt-time option to pass to the Postgres server
> process at startup (e.g. `--disable-alter-system=true`, false by default)
> or a new GUC (or even both), without changing the current default method of
> the server.

ALTER SYSTEM is already heavily restricted.  I don't think we need random
kluges added to the permissions system.  I especially don't believe in
kluges to the effect of "superuser doesn't have all permissions anymore".

If you nonetheless feel that that's a good idea for your use case,
you can implement the restriction with an event trigger or the like.

            regards, tom lane

pgsql-hackers by date:

From: Gabriele Bartolini
Date: 07 September 2023, 23:03:16
Subject: Re: Possibility to disable `ALTER SYSTEM`

From: Nathan Bossart
Date: 08 September 2023, 00:54:13
Subject: Re: Document that server will start even if it's unable to open some TCP/IP ports

Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

Previous

Next