Add allow_alter_system GUC. This is marked PGC_SIGHUP, so it can only be set in a configuration file, not anywhere else; and it is also marked GUC_DISALLOW_IN_AUTO_FILE, so it can't be set using ALTER SYSTEM. When set to false, the ALTER SYSTEM command is disallowed.
There was considerable concern that this would be misinterpreted as a security feature, which it is not, because a determined superuser has various ways of bypassing it. Hence, a lot of work has gone into wordsmithing the documentation, in the hopes of avoiding any such confusion. Jelte Fennemia-Nio and Gabriele Bartolini, with wording suggestions for the documentation from many others. Discussion: http://postgr.es/m/CA%2BVUV5rEKt2%2BCdC_KUaPoihMu%2Bi5ChT4WVNTr4CD5-xXZUfuQw%40mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/d3ae2a24f265a028f4b9e8df79ea7b075c6cf016 Modified Files -------------- doc/src/sgml/config.sgml | 51 ++++++++++++++++++++++++++- doc/src/sgml/ref/alter_system.sgml | 8 +++++ src/backend/utils/misc/guc.c | 5 +++ src/backend/utils/misc/guc_tables.c | 17 +++++++++ src/backend/utils/misc/postgresql.conf.sample | 1 + src/include/utils/guc.h | 1 + 6 files changed, 82 insertions(+), 1 deletion(-)
