Home > mailing lists

Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

From	Gabriele Bartolini
Subject	Re: Possibility to disable `ALTER SYSTEM`
Date	September 8, 2023 14:17:04
Msg-id	CA+VUV5qEWF3nSqnKSJ2Z2B+jH2jLbz-+navHTp1keG8Dx6ZfLQ@mail.gmail.com Whole thread Raw
In response to	Re: Possibility to disable `ALTER SYSTEM` (Isaac Morland <isaac.morland@gmail.com>)
Responses	Re: Possibility to disable `ALTER SYSTEM` Re: Possibility to disable `ALTER SYSTEM` Re: Possibility to disable `ALTER SYSTEM`
List	pgsql-hackers

Tree view

Hi Isaac,

On Fri, 8 Sept 2023 at 16:11, Isaac Morland <isaac.morland@gmail.com> wrote:

Alternate idea, not sure how good this is: Use existing OS security features (regular permissions, or more modern features such as the immutable attribute) to mark the postgresql.auto.conf file as not being writeable. Then any attempt to ALTER SYSTEM should result in an error.

That is the point I highlighted in the initial post in the thread. We could make it readonly, but the returned error is misleading and definitely poor UX:

```
postgres=# ALTER SYSTEM SET wal_level TO minimal;
ERROR: could not open file "postgresql.auto.conf": Permission denied
```

IMO we should clearly state that `ALTER SYSTEM` is deliberately disabled in a system, rather than indirectly hinting it through an inaccessible file. Not sure if I am clearly highlighting the fine difference here.

Thanks,

Gabriele

Gabriele Bartolini

Vice President, Cloud Native at EDB

enterprisedb.com

pgsql-hackers by date:

From: Isaac Morland
Date: 08 September 2023, 14:11:30
Subject: Re: Possibility to disable `ALTER SYSTEM`

From: Jean-Christophe Arnu
Date: 08 September 2023, 14:41:42
Subject: FDW pushdown of non-collated functions

Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

Previous

Next