This project is not covered by Drupal’s security advisory policy.

This module allows to lock any configuration changes done via the Drupal admin UI. This can be useful in scenarios where for example configuration changes should not be done on the production environment, but only on staging or local environments.

To enable readonly mode, enable this module and add this to your settings.php:

$settings['config_readonly'] = TRUE;

To lock production and not other environments, your code in settings.php
might be a conditional on an environment variable like:

if (isset($_ENV['AH_SITE_ENVIRONMENT']) && $_ENV['AH_SITE_ENVIRONMENT'] === 'prod') {
  $settings['config_readonly'] = TRUE;
}

The following approaches are somewhat discouraged since they may allow anyone with Drush or shell access to bypass or disable the protection and change configuration in production.

To allow all changes via the command line and enable readonly mode for the UI only:

if (PHP_SAPI !== 'cli') {
  $settings['config_readonly'] = TRUE;
}

You could similarly toggle read-only mode based on the presence or absence of a file on the webserver (e.g. in a location outside the docroot).

if (!file_exists('/home/myuser/disable-readonly.txt')) {
  $settings['config_readonly'] = TRUE;
}

Project Information

Downloads