dbi Blog

Last year there started an interesting discussion on the PostgreSQL development mailing list: Would it make sense to implement something in PostgreSQL which can be used to disable the “alter system” command even for superusers? The request comes out of the container / K8s world, where parameters are usually set using a declarative way and it might make sense to disallow this even for superusers. If you read the thread you’ll learn about the pros and cons of such a feature, as always, but there is something you can do even today which I was not aware of, even if it is obvious once you’ve seen it.

Lets quickly have a look at what “alter system” is doing. Once you change a parameter using “alter system” this parameter change gets either added to “postgresql.auto.conf” if it is not there, or overwritten if it is there already:

postgres=# alter system set work_mem='11MB';
ALTER SYSTEM
postgres=# \! tail -1 $PGDATA/postgresql.auto.conf
work_mem = '11MB'
postgres=# alter system set work_mem='12MB';
ALTER SYSTEM
postgres=# \! tail -1 $PGDATA/postgresql.auto.conf
work_mem = '12MB'

Of course you either need to reload or even restart PostgreSQL to make this active, but this is how it works for “alter system” in general.

Disallowing “alter system” for even the super user is surprising simple. You can for example do it like this:

postgres=# \! sudo chattr +i $PGDATA/postgresql.auto.conf
postgres=# alter system set work_mem='12MB';
ERROR:  could not open file "postgresql.auto.conf": Operation not permitted

chattr +i will disable any write access to the file and even will prevent deletion of the file. Another option is to give the file to someone else than the operating system user which is running the instance:

postgres=# ! sudo chattr -i $PGDATA/postgresql.auto.conf
postgres=# alter system set work_mem='12MB';
ALTER SYSTEM
postgres=# ! sudo chown root:root $PGDATA/postgresql.auto.conf
postgres=# ! sudo chmod 600 $PGDATA/postgresql.auto.conf
postgres=# alter system set work_mem='12MB';
ERROR: could not open file "postgresql.auto.conf": Permission denied

The same will of course work for all other configuration files in the data directory.

You may also check here for more options about how users can be granted permissions to set specific parameters.

Post Views: 763

Disabling “alter system” in PostgreSQL?

Daniel Westermann

Leave a Reply:

Related blog articles

Daniel Westermann

Leave a Reply:

Related blog articles

A first look at openSUSE Leap Micro 6.0

Another file system for Linux: bcachefs (3) – Mirroring/Replicas

Another file system for Linux: bcachefs (2) – multi device file systems

Another file system for Linux: bcachefs (1) – basics