GUC --- prevent non-super user changes

Tom Lane wrote:
> The recent change to make log_min_messages SUSET provokes the following
> behavior:
>
> $ export PGOPTIONS="-d 5"
> $ psql
> psql: FATAL: 'log_min_messages': permission denied
> $
>
> Considering that I *am* superuser, this is quite unacceptable.
> If you don't want to revert the change, propose another solution.

Here is a proposed fix for the new SUSET of various variables. The
solution is to create a new GUC context called PGC_USERLIMIT, which
limits changes by non-super users. For example, non-super users can
turn on logging, but can't turn it off, and log_min_* logging can have
added output, but not less output.

The first part of the patch prevent client PGOPTIONS from lowering the
debug level. The second part adds this new GUC context, then allows it
to be set properly. The tests are in two parts --- the first prevents
non-super users from changing the value inappropriately, and the second
allows postgresql.conf changes to apply to existing backends, i.e. if
postgresql.conf turns logging off via SET, turning it on via
postgresql.conf should propogate to the client, because the client can't
turn something off that the admin wants turned on --- that is the tricky
part that we have to be able to handle the settings in any order.

Peter, how does this look? Is reset_val the proper value to test?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073