On Wed, Mar 20, 2024 at 3:11 PM Magnus Hagander <mag...@hagander.net> wrote: > I would argue that having the default permissions not allow postgres to edit > it's own config files *except* for postgresql.auto.conf would be a better > default than what we have now, but that's completely independent of the patch > being discussed on this thread. (And FWIW also already solved on debian-based > platforms for example, which but the main config files in /etc with postgres > only having read permissions on them - and having the *packagers* adapt such > things for their platforms in general seems like a better place).
I don't think that I agree that it's categorically better, but it might be better for some people or in some circumstances. I very much do agree that it's a packaging question rather than our job to sort out. -- Robert Haas EDB: http://www.enterprisedb.com