Re: For review: Server instrumentation patch

Tom Lane wrote:

>Andrew Dunstan <andrew@dunslane.net> writes:
>  
>
>>How about if we do something like this?:
>>    
>>
>
>  
>
>>. initdb creates a tmpdir inside the datadir
>>. a new GUC var called allowed_copy_locations which is a PATH type 
>>string specifying what directories we can copy to/from. This would by 
>>default be "$tmpdir"
>>    
>>
>
>Given that COPY to/from a file is already allowed only to superusers,
>I'm not sure how effective a GUC variable will be in constraining what
>they do with it.  We'd have to at least restrict it to SIGHUP, which'd
>mean you couldn't change it without the ability to write the config
>file.
>
>
>  
>

If we actually had an API for remote config changes, rather than just 
allowing file system level access, one might have a category of settings 
that could not be set remotely - this would be a prime candidate ;-)

cheers

andrew