On Wed, Mar 27, 2024 at 03:43:28PM +0100, Jelte Fennema-Nio wrote: > + </term> > + <listitem> > + <para> > + When <literal>allow_alter_system</literal> is set to > + <literal>on</literal>, an error is returned if the <command>ALTER > + SYSTEM</command> command is used. This parameter can only be set in > + the <filename>postgresql.conf</filename> file or on the server > command > + line. The default value is <literal>on</literal>. > + </para>
Uh, the above is clearly wrong. I think you mean "off" on the second line. > + > + <para> > + Note that this setting cannot be regarded as a security feature. It > + only disables the <literal>ALTER SYSTEM</literal> command. It does > not > + prevent a superuser from changing the configuration remotely using Why "remotely"? > + other means. A superuser has many ways of executing shell commands at > + the operating system level, and can therefore modify > + <literal>postgresql.auto.conf</literal> regardless of the value of > + this setting. The purpose of the setting is to prevent > + <emphasis>accidental</emphasis> modifications via <literal>ALTER > + SYSTEM</literal> in environments where > + <productname>PostgreSQL</productname> its configuration is managed by "its"? > + some outside mechanism. In such environments, using <command>ALTER > + SYSTEM</command> to make configuration changes might appear to work, > + but then may be discarded at some point in the future when that > outside "might" > + mechanism updates the configuration. Setting this parameter to > + <literal>on</literal> can help to avoid such mistakes. > + </para> "off" Is this really a patch we think we can push into PG 17. I am having my doubts. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.