Re: Thoughts on the location of configuration files

Peter Eisentraut <peter_e@gmx.net> writes:
> Therefore, a wired-in configuration file location near /etc would be
> helpful or at least indifferent for most users.

By "wired in" you evidently don't mean hard-wired, but "default
established at configure time with the option to override from the
command line".  That I can live with.  We would presumably also
retire the use of environment variable PGDATA, which strikes
me as a Good Thing.

One thing we should think about before becoming too enthusiastic is
security considerations.  Up to now, we have not really thought hard
about whether there are any items in the configuration files that
shouldn't be visible to random users, because all of them live under
$PGDATA and the directory protection on $PGDATA renders all the config
files secure from prying eyes.  But I do not think it is safe to assume
that config files living in /etc will reliably be made mode 0600.  Are
there, or might in the future there be, any items in these files that
we'd not want to be world-readable?

Secondary password files are a fairly obvious example of stuff better
not left out in the cold.  We could probably deprecate the practice
of keeping any actual passwords in such files ;-) ... but I wonder
whether it'd not be better to leave them under $PGDATA.  A person
slightly more paranoid than myself would argue against exposing any
part of pg_hba.conf or pg_ident.conf.
        regards, tom lane