Tom Lane escribió:
> What Josh seems to be concerned with in this thread is the question of
> whether we should support an installation *policy decision* not to allow
> ALTER SYSTEM SET. Not because a particular set of parameters is broken,
> but just because somebody is afraid the DBA might break things. TBH
> I'm not sure I buy that, at least not as long as ALTER SYSTEM is a
> superuser feature. There is nothing in Postgres that denies permissions
> to superusers, and this doesn't seem like a very good place to start.
Someone made an argument about this on IRC: GUI tool users are going to
want to use ALTER SYSTEM through point-and-click, and if all we offer is
superuser-level access to the feature, we're going to end up with a lot
of people running with superuser privileges just so that they are able
to tweak inconsequential settings. This seems dangerous.
The other issue is that currently you can only edit a server's config if
you are logged in to it. If we permit SQL-level access to that, and
somebody who doesn't have access to edit the files blocks themselves
out, there is no way for them to get a working system *at all*.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
