lo_compat_privileges
A parameter optionally disabling privilege checks for large objects
lo_compat_privileges
is a configuration parameter determining whether to disable the privilege checks for large objects introduced in PostgreSQL 9.0.
lo_compat_privileges
was added in PostgreSQL 9.0 to provide backwards compatibility for pre-9.0 behaviour.
Default value
The defaut value for lo_compat_privileges
is: off
.
Change history
- PostgreSQL 9.0
- added (commit f1325ce2)
Examples
Example of the effect of lo_compat_privileges
when off
(the default):
postgres=# \lo_import /tmp/random-meme.jpg 'Some meme' lo_import 16458 postgres=# \dl Large objects ID | Owner | Description -------+----------+------------- 16458 | postgres | Some meme (1 row)
In PostgreSQL 9.0 and later, a non-privileged user who does not own thelarge object is not able to remove it:
postgres=> \lo_unlink 16458 ERROR: must be owner of large object 16458
If lo_compat_privileges
is set to on
, the pre-PostgreSQL 9.0 behaviour is restored and the large object can be removed by any user:
postgres=> SHOW lo_compat_privileges; lo_compat_privileges ---------------------- on (1 row) postgres=> \lo_unlink 16458 lo_unlink 16458
References
- PostgreSQL documentation: lo_compat_privileges