Peter Eisentraut wrote:
> Bruce Momjian writes:
>
> > I don't know. Automatically modifying a manually maintained config file
> > isn't too common a feature. One problem would be if you where modifying
> > the file in your editor and the backend rewrote the file.
>
> That's not different from you modifying the file in your editor and
> someone else doing the same thing at the same time. Yes, the concurrency
> issues are not trivial, but they can be solved.
Well, hopefully there is only one administrator at a time modifying
pg_hba.conf. Random user/group mods by any superuser seems like a much
more frequent occurance. Another thing is that people duing
database-level user/group changes may not even know they are modifying
pg_hba.conf.
> > I think groups will give use the ability to add/remove connection from
> > within the database. You just need to mention the group name in the
> > config file. My original idea was to automatically identify some group
> > name for each database but maybe that is too smart.
>
> Yes, that is perfectly fine. I just want an additional interface that
> allows you to "mention the group name in the config file" while connected
> to the database.
I understand. I think the only way to do this cleanly is to have a
per-database system group that can be created and modified inside the
database. We can even have an 'all' group to match pg_hba.conf's
database column 'all'. It is actually trivial to do this in the code
with my patch.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
