> On 19 Mar 2024, at 15:51, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Heikki Linnakangas <hlinnaka@iki.fi> writes:
>> Perhaps we could make that even better with a GUC though. I propose a
>> GUC called 'configuration_managed_externally = true / false". If you set
>> it to true, we prevent ALTER SYSTEM and make the error message more
>> definitive:
>
>> postgres=# ALTER SYSTEM SET wal_level TO minimal;
>> ERROR: configuration is managed externally
>
>> As a bonus, if that GUC is set, we could even check at server startup
>> that all the configuration files are not writable by the postgres user,
>> and print a warning or refuse to start up if they are.
>
> I like this idea. The "bonus" is not optional though, because
> setting the files' ownership/permissions is the only way to be
> sure that the prohibition is even a little bit bulletproof.
Agreed, assuming we can solve the below..
> One small issue: how do we make that work on Windows? Have recent
> versions grown anything that looks like real file permissions?
--
Daniel Gustafsson
