Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters
Date
Msg-id 20130805213959.GM11189@momjian.us
Whole thread Raw
In response to Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters  (Alvaro Herrera <alvherre@2ndquadrant.com>)
List pgsql-hackers
On Mon, Aug  5, 2013 at 03:53:01PM -0400, Alvaro Herrera wrote:
> The other issue is that currently you can only edit a server's config if
> you are logged in to it.  If we permit SQL-level access to that, and
> somebody who doesn't have access to edit the files blocks themselves
> out, there is no way for them to get a working system *at all*.

Well, if we want to give the administrator a way to disable honoring any
previously-defined ALTER SYSTEM SET commands, how would they do that
without OS access?  By definition, they can't connect via SQL, so what
would the API be?

Also, even if they could do it remotely, if they previously set
listen_addresses via ALTER SYSTEM SET, and we then disable all ALTER
SYSTEM SET settings, they still can't access the system because by
default Postgres will only listen on local sockets.

In summary, the SQL interface to configuration parameters is a
convenience, but I don't think it is ever going to be something that can
replace full file system access --- that is not a limitation of the
implemention of ALTER SYSTEM SET, but just something that is impossible.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + It's impossible for everything to be true. +



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: File-per-GUC WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review])
Next
From: Robert Haas
Date:
Subject: Re: don't own lock of type?