Re: Parsing of pg_hba.conf and authenticationinconsistencies

On Aug 5, 2008, at 4:07 PM, Simon Riggs wrote:

>
> On Sun, 2008-08-03 at 10:36 +0200, Magnus Hagander wrote:
>> Tom Lane wrote:
>>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>>>> The good way to solve this would be to have independant command
>>>>> line
>>>>> utilities which check pg_hba.conf, pg_ident.conf and
>>>>> postgresql.conf for
>>>>> errors. Then DBAs could run a check *before* restarting the
>>>>> server.
>>>
>>>> While clearly useful, it'd still leave the fairly large foot-gun
>>>> that is
>>>> editing the hba file and HUPing things which can leave you with a
>>>> completely un-connectable database because of a small typo.
>>>
>>> That will *always* be possible, just because software is finite and
>>> human foolishness is not ;-).
>>
>> Certainly - been bitten by that more than once. But we can make it
>> harder or easier to make the mistakes..
>
> Yeah. I'm sure we've all done it.
>
> Would it be possible to have two config files? An old and a new?
>
> That way we could specify new file, but if an error is found we revert
> to the last known-good file?
>
> That would encourage the best practice of take-a-copy-then-edit.

Perhaps the --check-config option should take an (optional) file name?
That would allow you to validate a config file without having to copy
it into place first.

postgres --check-config=myFilenameGoesHere -D $PGDATA

-- Korry