Tom Lane wrote:
>Andrew Dunstan <andrew@dunslane.net> writes:
>
>>How about if we do something like this?:
>>
>>. initdb creates a tmpdir inside the datadir
>>. a new GUC var called allowed_copy_locations which is a PATH type
>>string specifying what directories we can copy to/from. This would by
>>default be "$tmpdir"
>
>Given that COPY to/from a file is already allowed only to superusers,
>I'm not sure how effective a GUC variable will be in constraining what
>they do with it. We'd have to at least restrict it to SIGHUP, which'd
>mean you couldn't change it without the ability to write the config
>file.
>
If we actually had an API for remote config changes, rather than just
allowing file system level access, one might have a category of settings
that could not be set remotely - this would be a prime candidate ;-)
cheers
andrew