Bell John <jbelllinux@yahoo.com> writes:
> You must have Postgres superuser privilege to use
> server-side lo_import. Anyone can use the client-side
> lo_import provided by libpq.
> Is there any way to disable this behaviour or to give
> a user the priviliges that are being looked for? This
> effectively cripples the vast majority of programmatic
> interfaces to PostgreSQL ie. all those that are more
> than wrappers around libpq.
Not in the least: you just have to use the interface it's telling you to
use, ie, the lo_import/lo_export libpq functions. (If you are writing
psql scripts, see \lo_import and \lo_export.)
If you are really intent on using backend-side lo_import and lo_export
from non-superuser ids, there is an ALLOW_DANGEROUS_LO_FUNCTIONS option
you could turn on in pg_config.h. Do understand however that that is
a security hole a mile wide: anyone who can get at backend lo_export
can trivially break into your postgres user account, eg, by creating
a ~/.rhosts file. You might as well just let all your DB users be
superusers.
regards, tom lane
