On 2013-06-27 15:11:26 +0200, Magnus Hagander wrote: > On Thu, Jun 27, 2013 at 2:16 PM, Peter Eisentraut <peter_e@gmx.net> wrote: > > On 6/27/13 6:34 AM, Magnus Hagander wrote: > >> Is there a reason why we have set the min allowed value for port to 1, > >> not 1024? Given that you can't actually start postgres with a value of > >> <1024, shoulnd't the entry in pg_settings reference that as well? > > > > Are you thinking of the restriction that you need to be root to use > > ports <1024? That restriction is not necessarily universal. We can let > > the kernel tell us at run time if it doesn't like our port. > > Yes, that's the restriction I was talking about. It's just a bit > annoying that if you look at pg_settings.min_value it doesn't actually > tell you the truth. But yeah, I believe Windows actually lets you use > a lower port number, so it'd at least have to be #ifdef'ed for that if > we wanted to change it.
You can easily change the setting on linux as well. And you can grant specific binaries the permission to bind to restricted ports without being root. I don't think the additional complexity to get a sensible value in there is warranted.
With that large a set of local policies that can change the "usual
< 1024" policy, yep, I agree that it's not worth trying too hard on this one.
And supposing something like SE-Linux can grant bindings for a particular
user/binary to access a *specific* port, that represents a model that is
pretty incompatible with the notion of a "minimum value."
On the one hand, the idea of having to add a lot of platform-specific
code (which may further be specific to a framework like SE-Linux)
is not terribly appealing.
Further, if the result is something that doesn't really fit with a "minimum,"
is it much worth fighting with the platform localities?
Indeed, I begin to question whether indicating a "minimum" is actually meaningful.
-- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"