Re: Possibility to disable `ALTER SYSTEM`
| От | Gabriele Bartolini |
|---|---|
| Тема | Re: Possibility to disable `ALTER SYSTEM` |
| Дата | |
| Msg-id | CA+VUV5qEWF3nSqnKSJ2Z2B+jH2jLbz-+navHTp1keG8Dx6ZfLQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Possibility to disable `ALTER SYSTEM` (Isaac Morland <isaac.morland@gmail.com>) |
| Ответы |
Re: Possibility to disable `ALTER SYSTEM`
Re: Possibility to disable `ALTER SYSTEM` Re: Possibility to disable `ALTER SYSTEM` |
| Список | pgsql-hackers |
Hi Isaac,
On Fri, 8 Sept 2023 at 16:11, Isaac Morland <isaac.morland@gmail.com> wrote:
Alternate idea, not sure how good this is: Use existing OS security features (regular permissions, or more modern features such as the immutable attribute) to mark the postgresql.auto.conf file as not being writeable. Then any attempt to ALTER SYSTEM should result in an error.
```
postgres=# ALTER SYSTEM SET wal_level TO minimal;
ERROR: could not open file "postgresql.auto.conf": Permission denied
```
postgres=# ALTER SYSTEM SET wal_level TO minimal;
ERROR: could not open file "postgresql.auto.conf": Permission denied
```
IMO we should clearly state that `ALTER SYSTEM` is deliberately disabled in a system, rather than indirectly hinting it through an inaccessible file. Not sure if I am clearly highlighting the fine difference here.
Thanks,
Gabriele
-- В списке pgsql-hackers по дате отправления: