On Tue, Mar 19, 2024 at 3:52 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > Heikki Linnakangas <hlinn...@iki.fi> writes: > > Perhaps we could make that even better with a GUC though. I propose a > > GUC called 'configuration_managed_externally = true / false". If you set > > it to true, we prevent ALTER SYSTEM and make the error message more > > definitive: > > > postgres=# ALTER SYSTEM SET wal_level TO minimal; > > ERROR: configuration is managed externally > > > As a bonus, if that GUC is set, we could even check at server startup > > that all the configuration files are not writable by the postgres user, > > and print a warning or refuse to start up if they are. > > I like this idea. The "bonus" is not optional though, because > setting the files' ownership/permissions is the only way to be > sure that the prohibition is even a little bit bulletproof. > > One small issue: how do we make that work on Windows? Have recent > versions grown anything that looks like real file permissions?
Windows has had full ACL support since 1993. The easiest way to do what you're doing here is to just set a DENY permission on the postgres operating system user. //Magnus
