Thread

  1. read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-03-16T12:28:17Z

    Hi all,
    
    I've read TODO list in the 8.0.1,
    then I'm interested in the following topic.
    
    > * Allow a warm standby system to also allow read-only queries
    
    Does anyone have any plan to work on this?
    
    I think we need to extend the pg_database catalog to
    have a database state (read-only or writable),
    and also need to extend ALTER DATABASE command
    to change the state.
    
    To make a database read-only, ALTER DATABASE command may change
    MyDatabaseReadOnly flag (like XactReadOnly)
    and update the pg_database catalog.
    If MyDatabaseReadOnly is true, check_xact_readonly() or
    ExecCheckXactReadOnly() will prevent from updating the database.
    
    Otherwise, I think we can also prevent from updating the database
    around acquiring the XLogInsert lock.
    
    Any ideas?  or any suggestions?
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp
    
    
    
  2. Re: read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-03-16T15:24:26Z

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> writes:
    >> * Allow a warm standby system to also allow read-only queries
    
    > Does anyone have any plan to work on this?
    
    > I think we need to extend the pg_database catalog to
    > have a database state (read-only or writable),
    > and also need to extend ALTER DATABASE command
    > to change the state.
    
    Uh, no, because changing that would by definition not be a read-only
    operation.  Therefore there'd be no way to enter the read-only state,
    and definitely no way to get out of it again.  Furthermore, the
    envisioned behavior is cluster-wide not per-database: the point is
    to not execute transactions and not generate WAL entries, and you
    don't get to be selective about that.  (If it doesn't work like that,
    you couldn't use it for the intended purpose of examining the state
    of a hot-standby PITR backup that is actively tracking WAL logs
    shipped from a master.  It'd also not be useful for looking at
    a corrupted cluster.)
    
    I'd view this as a postmaster state that propagates to backends.
    Probably you'd enable it by means of a postmaster option, and the
    only way to get out of it is to shut down and restart the postmaster
    without the option.
    
    			regards, tom lane
    
    
  3. Re: read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-03-17T00:37:33Z

    Tom Lane wrote:
    > Uh, no, because changing that would by definition not be a read-only
    > operation.  Therefore there'd be no way to enter the read-only state,
    > and definitely no way to get out of it again.
    
    I saw Oracle's reference manual, and found ALTER DATABASE OPEN READ ONLY command
    to make a stand-by database.
    
    In Oracle, when the user execute the command, the database goes read-only mode.
    Is this a bad idea?
    
    I guess some users need per-database read-only state.
    Don't we need to have both read-only and writable databases in single cluster?
    
    Of course, the super-user can change the database state even in read-only.
    
    > Furthermore, the
    > envisioned behavior is cluster-wide not per-database: the point is
    > to not execute transactions and not generate WAL entries, and you
    > don't get to be selective about that.  (If it doesn't work like that,
    > you couldn't use it for the intended purpose of examining the state
    > of a hot-standby PITR backup that is actively tracking WAL logs
    > shipped from a master.  It'd also not be useful for looking at
    > a corrupted cluster.)
    >
    > I'd view this as a postmaster state that propagates to backends.
    > Probably you'd enable it by means of a postmaster option, and the
    > only way to get out of it is to shut down and restart the postmaster
    > without the option.
    
    I agree this is a reasonable way to make cluster-wide read-only state.
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  4. Re: read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-03-17T03:20:34Z

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> writes:
    > Tom Lane wrote:
    >> Uh, no, because changing that would by definition not be a read-only
    >> operation.  Therefore there'd be no way to enter the read-only state,
    >> and definitely no way to get out of it again.
    
    > I saw Oracle's reference manual, and found ALTER DATABASE OPEN READ ONLY command
    > to make a stand-by database.
    
    Perhaps, but that's *not* what the TODO item is about.
    
    			regards, tom lane
    
    
  5. Re: read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-03-17T03:40:24Z

    Tom Lane wrote:
    >>I saw Oracle's reference manual, and found ALTER DATABASE OPEN READ ONLY command
    >>to make a stand-by database.
    > 
    > Perhaps, but that's *not* what the TODO item is about.
    
    I see.
    
    Thanks for comments.
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  6. Re: read-only database

    Simon Riggs <simon@2ndquadrant.com> — 2005-03-17T09:13:50Z

    On Thu, 2005-03-17 at 12:40 +0900, Satoshi Nagayasu wrote:
    > Tom Lane wrote:
    > >>I saw Oracle's reference manual, and found ALTER DATABASE OPEN READ ONLY command
    > >>to make a stand-by database.
    > > 
    > > Perhaps, but that's *not* what the TODO item is about.
    > 
    > I see.
    > 
    > Thanks for comments.
    
    The Oracle ALTER DATABASE command is part of the multi-step process to
    mount an Oracle database into a running instance. It isn't something
    that you can dip in and out of when you choose, as far as I am aware:
    you can only run it on a warm standby database that is receiving logs
    shipped from another database.
    i.e. Oracle warm-standby databases have 3 run states (ok, more, but...)
    1. warm standby
    2. read-only
    3. fully-operational
    You can switch between 1 and 2 and back again, but once you go to 3 then
    you cannot switch back.
    
    What Tom just proposed about having an additional run-state between
    running-recovery and fully-operational is essentially the same thing.
    Tom's overall strategy would be workable in PostgreSQL terms, with some
    work and would provide similar functionality to Oracle.
    
    Having said that, I believe we're not close to making that work just yet
    - its a good end goal because there may be choices along the way that
    may need to consider the longer term goal.
    
    Best Regards, Simon Riggs
    
    
    
    
    
  7. Re: read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-03-21T05:11:42Z

    Tom Lane wrote:
    > I'd view this as a postmaster state that propagates to backends.
    > Probably you'd enable it by means of a postmaster option, and the
    > only way to get out of it is to shut down and restart the postmaster
    > without the option.
    
    I've created a patch to make a postmaster read-only.
    (attached patch can be applied to 8.0.1)
    
    Read-only state can be enabled/disabled by the postmaster option,
    or the postgresql.conf option.
    
    If you start the postmaster with "-r" options,
    the cluster will go to read-only.
    
    % pg_ctl -o "-i -r" -D $PGDATA start
    
    Or if you set "readonly_cluster = true" in the postgresql.conf,
    the cluster will also become read-only.
    
    Any comments?
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp
    
  8. Re: [HACKERS] read-only database

    Bruce Momjian <pgman@candle.pha.pa.us> — 2005-05-06T23:09:18Z

    Satoshi Nagayasu wrote:
    > 
    > Tom Lane wrote:
    > > I'd view this as a postmaster state that propagates to backends.
    > > Probably you'd enable it by means of a postmaster option, and the
    > > only way to get out of it is to shut down and restart the postmaster
    > > without the option.
    > 
    > I've created a patch to make a postmaster read-only.
    > (attached patch can be applied to 8.0.1)
    > 
    > Read-only state can be enabled/disabled by the postmaster option,
    > or the postgresql.conf option.
    > 
    > If you start the postmaster with "-r" options,
    > the cluster will go to read-only.
    > 
    > % pg_ctl -o "-i -r" -D $PGDATA start
    > 
    > Or if you set "readonly_cluster = true" in the postgresql.conf,
    > the cluster will also become read-only.
    
    Nice idea.  I have attached a new patch which has a few adjustments.
    
    First, we are moving away from using postmaster flags, and instead
    encouraging people to use postgresql.conf, so I removed the -r flag but
    added an entry in postgresql.conf for this.  I can see why it might be
    nice to have it as a postmaster flag, but at a certain point the number
    of flags gets too confusing so postgresql.conf is better.  Second, I
    changed it so it can be modified by a sighup to the postmaster, which
    can't be done with a postmaster flag.
    
    Also, I renamed it to server_read_only because that seems more
    consistent than readonly_cluster.
    
    Also, I added documentation for this postgresql.conf variable.
    
    With this change, I see we now have three read_only options:
    
    	transaction_read_only
    	default_transaction_read_only
    	server_read_only
    
    The first one is not documented (should it be?) and I assume allows you
    to query and change the READ ONLY status of a single transaction, while
    default_transaction_read_only affects all new transactions for the
    session, and server_read_only is for all transactions on the server.
    
    It seems server_read_only is the same as default_transaction_read_only
    except it can't be changed.  It seems more like a secure version of
    default_transaction_read_only rather than something new.
    
    If we set default_transaction_read_only to true in postgresql.conf,
    could we just prevent that from being changed by a session.  As I
    remember we have abandoned the idea of trying to limit session changes
    to postgresql.conf values so maybe this is the way we have to go.
    
    -- 
      Bruce Momjian                        |  http://candle.pha.pa.us
      pgman@candle.pha.pa.us               |  (610) 359-1001
      +  If your life is a hard drive,     |  13 Roberts Road
      +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
    
  9. Re: [HACKERS] read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-05-06T23:35:31Z

    Bruce Momjian <pgman@candle.pha.pa.us> writes:
    > It seems server_read_only is the same as default_transaction_read_only
    > except it can't be changed.
    
    I thought the TODO item was for a low-level read-only option, suitable
    for trying to look at a corrupted database or run off a read-only volume.
    This is very far from being that --- it allows temp table creation/use,
    and it still eats transaction IDs so it is certainly not read-only to
    xlog or clog.
    
    I am not sure I see any use case for this implementation: it is
    read-only enough to get in your way, without being read-only enough
    to derive any real benefit.
    
    			regards, tom lane
    
    
  10. Re: [HACKERS] read-only database

    Bruce Momjian <pgman@candle.pha.pa.us> — 2005-05-07T02:10:12Z

    Tom Lane wrote:
    > Bruce Momjian <pgman@candle.pha.pa.us> writes:
    > > It seems server_read_only is the same as default_transaction_read_only
    > > except it can't be changed.
    > 
    > I thought the TODO item was for a low-level read-only option, suitable
    > for trying to look at a corrupted database or run off a read-only volume.
    > This is very far from being that --- it allows temp table creation/use,
    > and it still eats transaction IDs so it is certainly not read-only to
    > xlog or clog.
    > 
    > I am not sure I see any use case for this implementation: it is
    > read-only enough to get in your way, without being read-only enough
    > to derive any real benefit.
    
    I am not sure I see the use case either but I developed it so everyone
    could look at it and decide if it is useful.  When true, it is basically
    a unchangable default_transaction_read_only.
    
    -- 
      Bruce Momjian                        |  http://candle.pha.pa.us
      pgman@candle.pha.pa.us               |  (610) 359-1001
      +  If your life is a hard drive,     |  13 Roberts Road
      +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
    
    
  11. Re: [HACKERS] read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-05-09T00:02:07Z

    I think the read-only has two meanings for the user.
    
    First is the internal state. XID, OID or something like that.
    In these cases, the internal state mustn't be changed.
    Some users will need the read-only for internal state.
    
    Second is read-only for the user data contents.
    In some cases, the user want to make the user data as read-only.
    For this purpose, the user doesn't care XID or OID, I guess.
    
    So, we can implement them in different way.
    I think both are necessary.
    
    Bruce Momjian wrote:
    > Tom Lane wrote:
    > 
    >>Bruce Momjian <pgman@candle.pha.pa.us> writes:
    >>
    >>>It seems server_read_only is the same as default_transaction_read_only
    >>>except it can't be changed.
    >>
    >>I thought the TODO item was for a low-level read-only option, suitable
    >>for trying to look at a corrupted database or run off a read-only volume.
    >>This is very far from being that --- it allows temp table creation/use,
    >>and it still eats transaction IDs so it is certainly not read-only to
    >>xlog or clog.
    >>
    >>I am not sure I see any use case for this implementation: it is
    >>read-only enough to get in your way, without being read-only enough
    >>to derive any real benefit.
    > 
    > 
    > I am not sure I see the use case either but I developed it so everyone
    > could look at it and decide if it is useful.  When true, it is basically
    > a unchangable default_transaction_read_only.
    > 
    
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  12. Re: [HACKERS] read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-05-09T00:23:16Z

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> writes:
    > I think the read-only has two meanings for the user.
    > First is the internal state. XID, OID or something like that.
    > In these cases, the internal state mustn't be changed.
    > Some users will need the read-only for internal state.
    
    > Second is read-only for the user data contents.
    > In some cases, the user want to make the user data as read-only.
    > For this purpose, the user doesn't care XID or OID, I guess.
    
    > So, we can implement them in different way.
    > I think both are necessary.
    
    Indeed, but we already have a implementation of the second form, in
    a reasonably spec-compliant fashion.  The TODO item concerns the first
    form, which is something that the current system cannot do at all.
    
    			regards, tom lane
    
    
  13. Re: [HACKERS] read-only database

    Alvaro Herrera <alvherre@dcc.uchile.cl> — 2005-05-09T00:48:01Z

    On Mon, May 09, 2005 at 09:02:07AM +0900, Satoshi Nagayasu wrote:
    > I think the read-only has two meanings for the user.
    > 
    > First is the internal state. XID, OID or something like that.
    > In these cases, the internal state mustn't be changed.
    > Some users will need the read-only for internal state.
    > 
    > Second is read-only for the user data contents.
    > In some cases, the user want to make the user data as read-only.
    > For this purpose, the user doesn't care XID or OID, I guess.
    > 
    > So, we can implement them in different way.
    > I think both are necessary.
    
    But the second is only a subset of the first, no?  So why not just
    implement the first?  Put another way, why do you think the second is
    necessary?
    
    -- 
    Alvaro Herrera (<alvherre[@]dcc.uchile.cl>)
    Thou shalt check the array bounds of all strings (indeed, all arrays), for
    surely where thou typest "foo" someone someday shall type
    "supercalifragilisticexpialidocious" (5th Commandment for C programmers)
    
    
  14. Re: [HACKERS] read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-05-09T03:48:02Z

    > But the second is only a subset of the first, no?  So why not just
    > implement the first?  Put another way, why do you think the second is
    > necessary?
    
    Because there is "default_transaction_read_only" option and
    implementation.
    
    My implementation is an extension of the existing option.
    
    I wanted to make the postmaster read-only, and found
    "default_transaction_read_only" option, but it can be overwritten.
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  15. Re: [HACKERS] read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-05-09T03:52:35Z

    Satoshi Nagayasu wrote:
    > I wanted to make the postmaster read-only, and found
    > "default_transaction_read_only" option, but it can be overwritten.
    
    I mean it can be overridden by the user. I don't want that.
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  16. Re: [HACKERS] read-only database

    Bruce Momjian <pgman@candle.pha.pa.us> — 2005-05-10T02:13:22Z

    Satoshi Nagayasu wrote:
    > 
    > Satoshi Nagayasu wrote:
    > > I wanted to make the postmaster read-only, and found
    > > "default_transaction_read_only" option, but it can be overwritten.
    > 
    > I mean it can be overridden by the user. I don't want that.
    
    I understand, but we haven't gotten enough requests from people for a
    new option that can't be overridden.
    
    -- 
      Bruce Momjian                        |  http://candle.pha.pa.us
      pgman@candle.pha.pa.us               |  (610) 359-1001
      +  If your life is a hard drive,     |  13 Roberts Road
      +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
    
    
  17. Re: [HACKERS] read-only database

    Alvaro Herrera <alvherre@dcc.uchile.cl> — 2005-05-10T02:37:32Z

    On Mon, May 09, 2005 at 10:13:22PM -0400, Bruce Momjian wrote:
    > Satoshi Nagayasu wrote:
    > > 
    > > Satoshi Nagayasu wrote:
    > > > I wanted to make the postmaster read-only, and found
    > > > "default_transaction_read_only" option, but it can be overwritten.
    > > 
    > > I mean it can be overridden by the user. I don't want that.
    > 
    > I understand, but we haven't gotten enough requests from people for a
    > new option that can't be overridden.
    
    The ability to have PGDATA in read-only media (like CDs) has been
    requested a lot of times, hasn't it?
    
    -- 
    Alvaro Herrera (<alvherre[@]dcc.uchile.cl>)
    "Porque francamente, si para saber manejarse a uno mismo hubiera que
    rendir examen... ¿Quién es el machito que tendría carnet?"  (Mafalda)
    
    
  18. Re: [HACKERS] read-only database

    Bruce Momjian <pgman@candle.pha.pa.us> — 2005-05-10T02:43:13Z

    Alvaro Herrera wrote:
    > On Mon, May 09, 2005 at 10:13:22PM -0400, Bruce Momjian wrote:
    > > Satoshi Nagayasu wrote:
    > > > 
    > > > Satoshi Nagayasu wrote:
    > > > > I wanted to make the postmaster read-only, and found
    > > > > "default_transaction_read_only" option, but it can be overwritten.
    > > > 
    > > > I mean it can be overridden by the user. I don't want that.
    > > 
    > > I understand, but we haven't gotten enough requests from people for a
    > > new option that can't be overridden.
    > 
    > The ability to have PGDATA in read-only media (like CDs) has been
    > requested a lot of times, hasn't it?
    
    Right.  I am saying the idea of having a GUC that acts like
    "default_transaction_read_only" but can't be changed isn't something
    that has been requested frequently.
    
    -- 
      Bruce Momjian                        |  http://candle.pha.pa.us
      pgman@candle.pha.pa.us               |  (610) 359-1001
      +  If your life is a hard drive,     |  13 Roberts Road
      +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
    
    
  19. Re: [HACKERS] read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-05-10T02:45:45Z

    Alvaro Herrera <alvherre@dcc.uchile.cl> writes:
    > The ability to have PGDATA in read-only media (like CDs) has been
    > requested a lot of times, hasn't it?
    
    It's come up a few times ... more than an un-overridable read-only mode
    anyway.  Also, I should think that those who want a secure read-only
    mode want it enforced selectively --- for instance, assuredly read-only
    for some users but not others.  I can hardly see any use case for the
    patch as proposed; it seems to have all the disadvantages of a low-level
    read-only mode (eg, not selective) without any of the advantages.
    
    			regards, tom lane
    
    
  20. Re: [HACKERS] read-only database

    Bruce Momjian <pgman@candle.pha.pa.us> — 2005-05-10T02:50:34Z

    Tom Lane wrote:
    > Alvaro Herrera <alvherre@dcc.uchile.cl> writes:
    > > The ability to have PGDATA in read-only media (like CDs) has been
    > > requested a lot of times, hasn't it?
    > 
    > It's come up a few times ... more than an un-overridable read-only mode
    > anyway.  Also, I should think that those who want a secure read-only
    > mode want it enforced selectively --- for instance, assuredly read-only
    > for some users but not others.  I can hardly see any use case for the
    > patch as proposed; it seems to have all the disadvantages of a low-level
    > read-only mode (eg, not selective) without any of the advantages.
    
    Having removed our security for not allowing override of things like
    log_statement, it seems we need a more general capability for
    controlling how something can be set that no one can change.
    
    One nify trick would be to use '=' in postgresql.conf for things that
    can be over-ridden by the user, and ':=' for values that can not be
    changed.  I do think we need that functionality for a variety of
    purposes.
    
    -- 
      Bruce Momjian                        |  http://candle.pha.pa.us
      pgman@candle.pha.pa.us               |  (610) 359-1001
      +  If your life is a hard drive,     |  13 Roberts Road
      +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
    
    
  21. Re: [HACKERS] read-only database

    Tom Lane <tgl@sss.pgh.pa.us> — 2005-05-10T03:03:51Z

    Bruce Momjian <pgman@candle.pha.pa.us> writes:
    > Having removed our security for not allowing override of things like
    > log_statement, it seems we need a more general capability for
    > controlling how something can be set that no one can change.
    
    The initial implementation was definitely pretty broken, but I agree
    we should try again.
    
    I think that transaction_read_only and default_transaction_read_only
    are a special case: they embody our implementation of SQL-spec-mandated
    features (SET TRANSACTION READ ONLY and friends), and so any messing
    about with them has to surmount the objection that it'll be breaking
    spec-mandated behavior.  But the other things we wanted this for in
    the past, such as logging control, were outside the scope of the spec
    AFAIR.
    
    			regards, tom lane
    
    
  22. Re: [HACKERS] read-only database

    Satoshi Nagayasu <nagayasus@nttdata.co.jp> — 2005-05-10T03:18:10Z

    Bruce Momjian wrote:
    >>It's come up a few times ... more than an un-overridable read-only mode
    >>anyway.  Also, I should think that those who want a secure read-only
    >>mode want it enforced selectively --- for instance, assuredly read-only
    >>for some users but not others.  I can hardly see any use case for the
    >>patch as proposed; it seems to have all the disadvantages of a low-level
    >>read-only mode (eg, not selective) without any of the advantages.
    
    Our company has some PostgreSQL replication systems
    for our customers. I need to switch the database state between
    read-only and writable for recovering or maintenance.
    
    As I mentioned before, I wanted to the read-only database mode.
    It is the per-database state.
    
    http://archives.postgresql.org/pgsql-hackers/2005-03/msg00540.php
    
    However, if it is not provided, we have to find alternative way
    to get our purpose.
    
    So I'm still looking for how to make the (user) database as read-only.
    
    -- 
    NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
    OpenSource Development Center,
    NTT DATA Corp. http://www.nttdata.co.jp/
    
    
  23. Re: [HACKERS] read-only database

    Joshua D. Drake <jd@commandprompt.com> — 2005-05-10T03:21:26Z

    > As I mentioned before, I wanted to the read-only database mode.
    > It is the per-database state.
    > 
    > http://archives.postgresql.org/pgsql-hackers/2005-03/msg00540.php
    > 
    > However, if it is not provided, we have to find alternative way
    > to get our purpose.
    > 
    > So I'm still looking for how to make the (user) database as read-only.
    > 
    
    Mammoth PostgreSQL Replicator could do this. If you set a database to a
    slave and tell it to be a slave for all tables it would be read only.
    
    Sincerely,
    
    Joshua D. Drake
    Command Prompt, Inc.
    
    
  24. Re: [HACKERS] read-only database

    Hannu Krosing <hannu@tm.ee> — 2005-05-18T10:07:27Z

    On E, 2005-05-09 at 20:21 -0700, Joshua D. Drake wrote:
    > > As I mentioned before, I wanted to the read-only database mode.
    > > It is the per-database state.
    > > 
    > > http://archives.postgresql.org/pgsql-hackers/2005-03/msg00540.php
    > > 
    > > However, if it is not provided, we have to find alternative way
    > > to get our purpose.
    > > 
    > > So I'm still looking for how to make the (user) database as read-only.
    > > 
    > 
    > Mammoth PostgreSQL Replicator could do this. If you set a database to a
    > slave and tell it to be a slave for all tables it would be read only.
    
    Would it still not have the same issues as Slony (one can create new
    tables) this patch (one can create temp tables) ?
    
    -- 
    Hannu Krosing <hannu@tm.ee>