Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review])

On 2013-08-29 21:26:48 -0400, Stephen Frost wrote:
> > Sure, you can construct a scenario where this matters. The ops guys
> > have "sudo postgres pg_ctl" access but adminpack isn't installed and
> > they have no other way to modify the configuration file. But that's
> > just bizarre. And if that's really the environment you have, then you
> > can install a loadable module that grabs ProcessUtility_hook and uses
> > it to forbid ALTER SYSTEM on that machine. Hell, we can ship such a
> > thing in contrib. Problem solved. But it's surely too obscure a
> > combination of circumstances to justify disabling this by default.
>
> It's not the OPs guy that I'm worried about using ALTER SYSTEM- I don't
> expect them to have any clue about it or care about it, except where it
> can be used to modify things under /etc which they, rightfully, consider
> their domain.

I think for the scenarios you describe it makes far, far much more sense
to add the ability to easily monitor for two things:
* on-disk configuration isn't the same as the currently loaded (not
trivially possible yet)
* Configuration variables only come from locations that are approved for
in your scenario (Already possible, we might want to make it even easier)

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services