Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Possibility to disable `ALTER SYSTEM`
Date
Msg-id ZgQ0yPnkkEEHVStz@momjian.us
Whole thread Raw
In response to Re: Possibility to disable `ALTER SYSTEM`  (Jelte Fennema-Nio <postgres@jeltef.nl>)
Responses Re: Possibility to disable `ALTER SYSTEM`
List pgsql-hackers
On Wed, Mar 27, 2024 at 03:43:28PM +0100, Jelte Fennema-Nio wrote:
> +      </term>
> +      <listitem>
> +       <para>
> +        When <literal>allow_alter_system</literal> is set to
> +        <literal>on</literal>, an error is returned if the <command>ALTER
> +        SYSTEM</command> command is used. This parameter can only be set in
> +        the <filename>postgresql.conf</filename> file or on the server command
> +        line. The default value is <literal>on</literal>.
> +       </para>

Uh, the above is clearly wrong.  I think you mean "off" on the second line.

> +
> +       <para>
> +        Note that this setting cannot be regarded as a security feature. It
> +        only disables the <literal>ALTER SYSTEM</literal> command. It does not
> +        prevent a superuser from changing the configuration remotely using

Why "remotely"?

> +        other means. A superuser has many ways of executing shell commands at
> +        the operating system level, and can therefore modify
> +        <literal>postgresql.auto.conf</literal> regardless of the value of
> +        this setting. The purpose of the setting is to prevent
> +        <emphasis>accidental</emphasis> modifications via <literal>ALTER
> +        SYSTEM</literal> in environments where
> +        <productname>PostgreSQL</productname> its configuration is managed by

"its"?

> +        some outside mechanism. In such environments, using <command>ALTER
> +        SYSTEM</command> to make configuration changes might appear to work,
> +        but then may be discarded at some point in the future when that outside

"might"

> +        mechanism updates the configuration. Setting this parameter to
> +        <literal>on</literal> can help to avoid such mistakes.
> +       </para>

"off"

Is this really a patch we think we can push into PG 17. I am having my
doubts.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Remove some redundant set_cheapest() calls
Next
From: Robert Haas
Date:
Subject: Re: Possibility to disable `ALTER SYSTEM`