On Wed, Mar 20, 2024 at 11:07 AM Jelte Fennema-Nio <postg...@jeltef.nl> wrote:
> > Ugh, please let's not do this. This was bouncing around in my head last
> > night, and this is really a quite radical change - especially just to
> > handle the given ask, which is to prevent a specific command from running.
> > Not implement a brand new security system. There are so many ways this
> > could go wrong if we start having separate permissions for some of our
> > files. In addition to backups and other tools that need to write to the
> > conf files as the postgres user, what about systems that create a new
> > cluster automatically e.g. Patroni? It will now need elevated privs just to
> > create the conf files and assign the new ownership to them. Lots of moving
> > pieces there and ways things could go wrong. So a big -1 from me, as they
> > say/ :)
>
> Well put. I don't think the effort of making all tooling handle this
> correctly is worth the benefit that it brings. afaict everyone on this
> thread that actually wants to use this feature would be happy with the
> functionality that the current patch provides (i.e. having
> postgresql.auto.conf writable, but having ALTER SYSTEM error out).

Yeah, I agree with this completely. I don't understand why people who
hate the feature and hope it dies in a fire get to decide how it has
to work.

And also, if we verify that the configuration files are all read-only
at the OS level, that also prevents the external tool from managing
them. Well, it can: it can make them non-read-only after server start,
then modify them, then make them read-only again, and it can make sure
that if the system crashes, it again marks them read-only before
trying to start PG. But it seems quite obvious that this will be
inconvenient and difficult to get right.

I find it quite easy to understand the idea that someone wants the
PostgreSQL configuration to be managed by Kubernetes rather than via
ALTER SYSTEM, but I can't think of any scenario when you just don't
want to be able to manage the configuration at all. Who in the world
would want that?

--
Robert Haas
EDB: http://www.enterprisedb.com