block_copy_command

Block COPY commands via a configurable ProcessUtility hook

Overview

Package	Version	Category	License	Language
`block_copy_command`	`0.1.5`	SEC	BSD 3-Clause	Rust

ID	Extension	Bin	Lib	Load	Create	Trust	Reloc	Schema
7405	`block_copy_command`	No	Yes	Yes	Yes	No	No	-

Requires shared_preload_libraries = block_copy_command.

Version

Type	Repo	Version	PG Ver	Package	Deps
EXT	PIGSTY	`0.1.5`	1817161514	`block_copy_command`	-
RPM	PIGSTY	`0.1.5`	1817161514	`block_copy_command_$v`	-
DEB	PIGSTY	`0.1.5`	1817161514	`postgresql-$v-block-copy-command`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.1.5 el8.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 306.1KiB	PIGSTY 0.1.5 el8.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 306.0KiB	PIGSTY 0.1.5 el8.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.9KiB	PIGSTY 0.1.5 el8.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.9KiB	PIGSTY 0.1.5 el8.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.6KiB
el8.aarch64	PIGSTY 0.1.5 el8.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.0KiB	PIGSTY 0.1.5 el8.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.0KiB
el9.x86_64	PIGSTY 0.1.5 el9.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.7KiB	PIGSTY 0.1.5 el9.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.6KiB	PIGSTY 0.1.5 el9.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.3KiB	PIGSTY 0.1.5 el9.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.8KiB	PIGSTY 0.1.5 el9.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.9KiB
el9.aarch64	PIGSTY 0.1.5 el9.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el9.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el9.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.6KiB	PIGSTY 0.1.5 el9.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.0KiB	PIGSTY 0.1.5 el9.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.5KiB
el10.x86_64	PIGSTY 0.1.5 el10.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.9KiB	PIGSTY 0.1.5 el10.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.7KiB	PIGSTY 0.1.5 el10.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.5KiB	PIGSTY 0.1.5 el10.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 322.0KiB	PIGSTY 0.1.5 el10.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 322.1KiB
el10.aarch64	PIGSTY 0.1.5 el10.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.2KiB
d12.x86_64	PIGSTY 0.1.5 d12.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.3KiB	PIGSTY 0.1.5 d12.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d12.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.1KiB	PIGSTY 0.1.5 d12.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d12.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.3KiB
d12.aarch64	PIGSTY 0.1.5 d12.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB
d13.x86_64	PIGSTY 0.1.5 d13.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 248.3KiB	PIGSTY 0.1.5 d13.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.6KiB	PIGSTY 0.1.5 d13.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 248.2KiB	PIGSTY 0.1.5 d13.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d13.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.9KiB
d13.aarch64	PIGSTY 0.1.5 d13.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d13.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 150.0KiB	PIGSTY 0.1.5 d13.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.8KiB	PIGSTY 0.1.5 d13.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d13.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB
u22.x86_64	PIGSTY 0.1.5 u22.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 281.0KiB	PIGSTY 0.1.5 u22.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.9KiB	PIGSTY 0.1.5 u22.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 281.0KiB	PIGSTY 0.1.5 u22.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.7KiB	PIGSTY 0.1.5 u22.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.7KiB
u22.aarch64	PIGSTY 0.1.5 u22.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 174.0KiB	PIGSTY 0.1.5 u22.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 174.0KiB
u24.x86_64	PIGSTY 0.1.5 u24.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.5KiB	PIGSTY 0.1.5 u24.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.4KiB	PIGSTY 0.1.5 u24.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.4KiB	PIGSTY 0.1.5 u24.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.0KiB	PIGSTY 0.1.5 u24.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.2KiB
u24.aarch64	PIGSTY 0.1.5 u24.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.4KiB	PIGSTY 0.1.5 u24.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB	PIGSTY 0.1.5 u24.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB	PIGSTY 0.1.5 u24.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 173.0KiB	PIGSTY 0.1.5 u24.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB

Build

You can build the RPM / DEB packages for block_copy_command using pig build:

pig build pkg block_copy_command         # build RPM / DEB packages

Install

You can install block_copy_command directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

pig install block_copy_command;          # Install for current active PG version

pig ext install -y block_copy_command -v 18  # PG 18
pig ext install -y block_copy_command -v 17  # PG 17
pig ext install -y block_copy_command -v 16  # PG 16
pig ext install -y block_copy_command -v 15  # PG 15
pig ext install -y block_copy_command -v 14  # PG 14

dnf install -y block_copy_command_18       # PG 18
dnf install -y block_copy_command_17       # PG 17
dnf install -y block_copy_command_16       # PG 16
dnf install -y block_copy_command_15       # PG 15
dnf install -y block_copy_command_14       # PG 14

apt install -y postgresql-18-block-copy-command   # PG 18
apt install -y postgresql-17-block-copy-command   # PG 17
apt install -y postgresql-16-block-copy-command   # PG 16
apt install -y postgresql-15-block-copy-command   # PG 15
apt install -y postgresql-14-block-copy-command   # PG 14

Preload:

shared_preload_libraries = 'block_copy_command';

Create Extension:

CREATE EXTENSION block_copy_command;

Usage

GitHub Repo: rustwizard/block_copy_command
README: rustwizard/block_copy_command/blob/master/README.md

block_copy_command blocks COPY commands cluster-wide by installing a ProcessUtility hook. It is loaded with shared_preload_libraries, and CREATE EXTENSION only registers the extension metadata in each database.

This extension is intended for deployments that want to stop COPY TO and COPY FROM by default for non-superusers, while still allowing finer-grained policy through GUCs and an audit table.

Setup

shared_preload_libraries = 'block_copy_command'

CREATE EXTENSION block_copy_command;

The README says the hook becomes active for the whole cluster as soon as the library is loaded.

Blocking Rules

By default, non-superusers are blocked from running COPY.

COPY my_table TO STDOUT;
COPY my_table FROM STDIN;
COPY (SELECT * FROM my_table) TO '/tmp/out.csv';

Superusers bypass the block unless they are listed in block_copy_command.blocked_roles or block_copy_command.block_program is enabled. COPY ... PROGRAM is blocked for everyone by default.

Settings

block_copy_command.enabled toggles blocking for non-superusers.
block_copy_command.block_to controls whether COPY TO is blocked.
block_copy_command.block_from controls whether COPY FROM is blocked.
block_copy_command.block_program blocks COPY TO/FROM PROGRAM for all users.
block_copy_command.hint appends a custom HINT: to blocked commands.
block_copy_command.blocked_roles permanently blocks named roles, including superusers.
block_copy_command.audit_log_enabled controls whether intercepted COPY events are written to block_copy_command.audit_log.

Audit Log

The extension records intercepted COPY activity in block_copy_command.audit_log and also writes blocked events to the PostgreSQL server log at LOG level.

Typical monitoring queries from the README include listing recent events, filtering blocked events, and grouping by user.

Scope

The upstream README covers requirements, enablement, blocking behavior, the main GUCs, the audit table, and test coverage. No separate project homepage or docs site was needed for this stub.

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-04-14: update extension catalog (29617e5)