> On 19 Mar 2024, at 15:51, Tom Lane <t...@sss.pgh.pa.us> wrote: > > Heikki Linnakangas <hlinn...@iki.fi> writes: >> Perhaps we could make that even better with a GUC though. I propose a >> GUC called 'configuration_managed_externally = true / false". If you set >> it to true, we prevent ALTER SYSTEM and make the error message more >> definitive: > >> postgres=# ALTER SYSTEM SET wal_level TO minimal; >> ERROR: configuration is managed externally > >> As a bonus, if that GUC is set, we could even check at server startup >> that all the configuration files are not writable by the postgres user, >> and print a warning or refuse to start up if they are. > > I like this idea. The "bonus" is not optional though, because > setting the files' ownership/permissions is the only way to be > sure that the prohibition is even a little bit bulletproof.
Agreed, assuming we can solve the below.. > One small issue: how do we make that work on Windows? Have recent > versions grown anything that looks like real file permissions? -- Daniel Gustafsson