A parameter optionally disabling privilege checks for large objects

lo_compat_privileges is a configuration parameter determining whether to disable the privilege checks for large objects introduced in PostgreSQL 9.0.

lo_compat_privileges was added in PostgreSQL 9.0 to provide backwards compatibility for pre-9.0 behaviour.

Default value

The defaut value for lo_compat_privileges is: off.

Change history


Example of the effect of lo_compat_privileges when off (the default):

postgres=# \lo_import /tmp/random-meme.jpg 'Some meme'
lo_import 16458

postgres=# \dl
         Large objects
  ID   |  Owner   | Description
 16458 | postgres | Some meme
(1 row)

In PostgreSQL 9.0 and later, a non-privileged user who does not own the large object is not able to remove it:

postgres=> \lo_unlink 16458
ERROR:  must be owner of large object 16458

If lo_compat_privileges is set to on, the pre-PostgreSQL 9.0 behaviour is restored and the large object can be removed by any user:

postgres=> SHOW lo_compat_privileges;
(1 row)

postgres=> \lo_unlink 16458
lo_unlink 16458


Backwards compatibility, GUC configuration item, Large object

See also

Large object