-
+
Server Configuration
- This allows us to tuen on/off database privilege checks on large
- objects. In the 8.4.x series and earlier release do not have
- privilege checks on large object in most cases.
-
- So, turning the lo_compat_privileges off means
- the large object feature performs in compatible mode.
+ In
PostgreSQL releases prior to 8.5, large objects+ did not have access privileges and were, in effect, readable and
+ writable by all users. Setting this variable to on
+ disables the new privilege checks, for compatibility with prior
+ releases. The default is off.
- Please note that it is not equivalent to disable all the security
- checks corresponding to large objects.
- For example, the lo_import() and
+ Setting this variable does not disable all security checks for
+ large objects - only those for which the default behavior has changed
+ For example, lo_import() and
lo_export() need superuser privileges independent
- from this setting as prior versions were doing.
-
- It is off by default.
+ of this setting.
-
+
Large Objects
searches for the correct chunk number when doing random
access reads and writes.
+
+ As of
PostgreSQL 8.5, large objects have an owner+ and a set of access permissions, which can be managed using
+ and
+ .
+ For compatibility with prior releases, see
+ .
+ SELECT privileges are required to read a large
+ object, and
+ UPDATE privileges are required to write to or
+ truncate it.
+ Only the large object owner (or the database superuser) can unlink, comment
+ on, or change the owner of a large object.
+
owning user. Therefore, their use is restricted to superusers. In
contrast, the client-side import and export functions read and write files
in the client's file system, using the permissions of the client program.
- The client-side functions can be used by any
+ The client-side functions do not require superuser privilege.
-
-
Large object and privileges
- Note that access control feature was not supported in the 8.4.x series
- and earlier release.
- Also see the compatibility
- option.
-
- Now it supports access controls on large objects, and allows the owner
- of large objects to set up access rights using
- and
- statement.
-
- Two permissions are defined on the large object class.
- These are checked only when
- option is disabled.
-
- The first is SELECT.
- It is required on loread() function.
- Note that when we open large object with read-only mode, we can see
- a static image even if other concurrent transaction modified the
- same large object.
- This principle is also applied on the access rights of large objects.
- Even if a transaction modified access rights and commit it, it is
- not invisible from other transaction which already opened the large
- object.
-
- The second is UPDATE.
- It is required on lowrite() function and
- lo_truncate() function.
-
- In addition, lo_unlink() function,
- COMMENT ON and ALTER LARGE OBJECT
- statements needs ownership of the large object to be accessed.
-
- You may wonder why SELECT is not checked on the
- lo_export() function or UPDATE
- is not checked on the lo_import function.
-
- These functions originally require database superuser privilege,
- and it allows to bypass the default database privilege checks,
- so we don't need to check an obvious test twice.
-
-
.
For sequences, this privilege also allows the use of the
currval function.
- For large objects, this privilege also allows to read from
- the target large object.
+ For large objects, this privilege allows the object to be read.
SELECT privilege. For sequences, this
privilege allows the use of the nextval and
setval functions.
- For large objects, this privilege also allows to write or truncate
- on the target large object.
+ For large objects, this privilege allows writing or truncating the
+ object.
projects / postgresql.git / commitdiff