Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>
From: Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>
To: Alvaro Herrera <alvherre@2ndquadrant.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <bruce@momjian.us>,
Stephen Frost <sfrost@snowman.net>,
Josh Berkus <josh@agliodbs.com>, Andres Freund <andres@2ndquadrant.com>,
Greg Stark <stark@mit.edu>,
Fujii Masao <masao.fujii@gmail.com>, Robert Haas <robertmhaas@gmail.com>,
Amit Kapila <amit.kapila@huawei.com>,
Dimitri Fontaine <dimitri@2ndquadrant.fr>, pgsql-hackers@postgresql.org
Date: 2013-08-05T21:15:06Z
Lists: pgsql-hackers
On 08/05/2013 09:53 PM, Alvaro Herrera wrote: > Tom Lane escribió: > >> What Josh seems to be concerned with in this thread is the question of >> whether we should support an installation *policy decision* not to allow >> ALTER SYSTEM SET. Not because a particular set of parameters is broken, >> but just because somebody is afraid the DBA might break things. TBH >> I'm not sure I buy that, at least not as long as ALTER SYSTEM is a >> superuser feature. There is nothing in Postgres that denies permissions >> to superusers, and this doesn't seem like a very good place to start. > > Someone made an argument about this on IRC: GUI tool users are going to > want to use ALTER SYSTEM through point-and-click, and if all we offer is > superuser-level access to the feature, we're going to end up with a lot > of people running with superuser privileges just so that they are able > to tweak inconsequential settings. This seems dangerous. indeed it is > > The other issue is that currently you can only edit a server's config if > you are logged in to it. If we permit SQL-level access to that, and > somebody who doesn't have access to edit the files blocks themselves > out, there is no way for them to get a working system *at all*. thinking more about that - is there _ANY_ prerequisite of an application that can be completely reconfigured over a remote access protocol and solved the reliability and security challenges of that to a reasonable degree? Stefan