lo_compat_privileges

A parameter optionally disabling privilege checks for large objects

lo_compat_privileges is a configuration parameter determining whether to disable the privilege checks for large objects introduced in PostgreSQL 9.0.

lo_compat_privileges was added in PostgreSQL 9.0 to provide backwards compatibility for pre-9.0 behaviour.

Default value

The default value for lo_compat_privileges is: off.

Change history

Examples

Example of the effect of lo_compat_privileges when off (the default):

postgres=# \lo_import /tmp/random-meme.jpg 'Some meme'
lo_import 16458

postgres=# \dl
         Large objects
  ID   |  Owner   | Description
-------+----------+-------------
 16458 | postgres | Some meme
(1 row)

In PostgreSQL 9.0 and later, a non-privileged user who does not own the large object is not able to remove it:

postgres=> \lo_unlink 16458
ERROR:  must be owner of large object 16458

If lo_compat_privileges is set to on, the pre-PostgreSQL 9.0 behaviour is restored and the large object can be removed by any user:

postgres=> SHOW lo_compat_privileges;
 lo_compat_privileges 
----------------------
 on
(1 row)

postgres=> \lo_unlink 16458
lo_unlink 16458
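
An audit for the situation shown above, as an added example that is not part of the original page: it checks whether lo_compat_privileges is on for the current session, looks for per-database or per-role overrides, and lists the large objects whose ownership checks would be bypassed. It assumes PostgreSQL 9.3 or later (for LATERAL) and uses only the standard catalogs pg_settings, pg_db_role_setting and pg_largeobject_metadata.

```sql
-- 1. Effective value in this session and where it came from
--    (default, configuration file, database/role setting, session).
SELECT name, setting, source, sourcefile, sourceline, context
FROM pg_settings
WHERE name = 'lo_compat_privileges';

-- 2. Overrides stored with ALTER DATABASE / ALTER ROLE ... SET.
--    These apply at connection time, so some sessions can run with the
--    parameter on even when postgresql.conf leaves it off.
SELECT coalesce(d.datname, '(all databases)') AS database,
       coalesce(r.rolname, '(all roles)')     AS role,
       cfg                                    AS stored_setting
FROM pg_db_role_setting s
LEFT JOIN pg_database d ON d.oid = s.setdatabase
LEFT JOIN pg_roles    r ON r.oid = s.setrole
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
WHERE split_part(cfg, '=', 1) = 'lo_compat_privileges';

-- 3. Large objects with their owner and ACL. While the parameter is off,
--    these are what the ownership and privilege checks protect; a NULL
--    lomacl means only the owner (and superusers) have access.
SELECT m.oid                       AS loid,
       pg_get_userbyid(m.lomowner) AS owner,
       m.lomacl
FROM pg_largeobject_metadata m
ORDER BY m.oid;
```

Query 1 returning on, or query 2 returning any row ending in =on, means the large objects listed by query 3 can be read, modified or unlinked by users who do not own them, as in the \lo_unlink session above.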

Categories

Backwards compatibility, GUC configuration item, Large object

See also

Large object