Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes:
> Say you want to set up promote_trigger_file to point to a file outside 
> of the data directory, maybe because you want to integrate it with some 
> external tooling.  So you go into your configuration and set
>      promote_trigger_file = '/srv/foobar/trigger'
> and reload the server.  Everything is happy.  The fact that the 
> directory /srv/foobar/ does not exist at this point is completely ignored.
> Now you become root and run
>      mkdir /srv/foobar
> and, depending on circumstances such as root's umask or the permissions of 
> /srv, your PostgreSQL server crashes immediately.  That can't be good.

No, it's not good, but the proposed fix of s/ERROR/LOG/ simply delays
the problem till later, ie when you try to promote the server nothing
happens.  That's not good either.  (To be clear: I'm not necessarily
against that change, I just don't think it's a sufficient response.)

If we add a GUC-check-hook test, then the problem of misconfiguration
is reduced to the previously unsolved problem that we have crappy
feedback for erroneous on-the-fly configuration changes.  So it's
still unsolved, but at least we've got one unsolved problem not two.

                        regards, tom lane
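
An added illustration, not part of either message and not PostgreSQL code: a stand-alone POSIX C sketch of a pre-flight test that a check hook like the one discussed above could run on the configured path. It assumes the trigger file is probed with stat(); the function name, the result codes and the 4096-byte buffer are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not PostgreSQL identifiers. */
typedef enum {
    TRIGGER_PRESENT,   /* file exists */
    TRIGGER_ABSENT,    /* directory exists and is searchable, file not created yet */
    PARENT_MISSING,    /* ENOENT now, but a later mkdir decides what stat() returns */
    PATH_UNUSABLE      /* stat() fails with something other than ENOENT */
} trigger_status;

trigger_status classify_trigger_path(const char *path)
{
    struct stat st;
    char buf[4096];

    if (stat(path, &st) == 0)
        return TRIGGER_PRESENT;
    if (errno != ENOENT)
        return PATH_UNUSABLE;          /* e.g. EACCES or ENOTDIR on a parent */
    if (strlen(path) >= sizeof(buf))
        return PATH_UNUSABLE;
    strcpy(buf, path);                 /* dirname() may modify its argument */
    /* ENOENT is ambiguous: ask whether the containing directory exists. */
    if (stat(dirname(buf), &st) == 0)
        return TRIGGER_ABSENT;
    return errno == ENOENT ? PARENT_MISSING : PATH_UNUSABLE;
}

int main(int argc, char **argv)
{
    static const char *const names[] = {
        "present", "absent", "parent directory missing", "unusable" };
    if (argc != 2) {
        fprintf(stderr, "usage: %s <trigger-file-path>\n", argv[0]);
        return 2;
    }
    trigger_status s = classify_trigger_path(argv[1]);
    printf("%s: %s\n", argv[1], names[s]);
    /* Non-zero exit for the two states worth flagging at configuration time. */
    return s == PARENT_MISSING || s == PATH_UNUSABLE;
}
```

A result taken at reload time says nothing about a directory created afterwards, so the same classification would still have to be applied on each later probe.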

