pgextwlist
Overview
| Package | Version | Category | License | Language |
|---|---|---|---|---|
pgextwlist | 1.19 | SEC | PostgreSQL | C |
| ID | Extension | Bin | Lib | Load | Create | Trust | Reloc | Schema |
|---|---|---|---|---|---|---|---|---|
| 7390 | pgextwlist | No | Yes | Yes | No | No | No | - |
| Related | ddlx pgdd pg_permissions adminpack pgaudit set_user pg_catcheck noset |
|---|
missing pg18 on el
Version
| Type | Repo | Version | PG Ver | Package | Deps |
|---|---|---|---|---|---|
| EXT | MIXED | 1.19 | 1817161514 | pgextwlist | - |
| RPM | PIGSTY | 1.19 | 1817161514 | pgextwlist_$v | - |
| DEB | PGDG | 1.19 | 1817161514 | postgresql-$v-pgextwlist | - |
Build
You can build the RPM packages for pgextwlist using pig build:
pig build pkg pgextwlist # build RPM packages
Install
You can install pgextwlist directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:
pig repo add pgsql -u # Add repo and update cache
Install the extension using pig or apt/yum/dnf:
pig install pgextwlist; # Install for current active PG version
pig ext install -y pgextwlist -v 18 # PG 18
pig ext install -y pgextwlist -v 17 # PG 17
pig ext install -y pgextwlist -v 16 # PG 16
pig ext install -y pgextwlist -v 15 # PG 15
pig ext install -y pgextwlist -v 14 # PG 14
dnf install -y pgextwlist_18 # PG 18
dnf install -y pgextwlist_17 # PG 17
dnf install -y pgextwlist_16 # PG 16
dnf install -y pgextwlist_15 # PG 15
dnf install -y pgextwlist_14 # PG 14
apt install -y postgresql-18-pgextwlist # PG 18
apt install -y postgresql-17-pgextwlist # PG 17
apt install -y postgresql-16-pgextwlist # PG 16
apt install -y postgresql-15-pgextwlist # PG 15
apt install -y postgresql-14-pgextwlist # PG 14
Preload:
shared_preload_libraries = 'pgextwlist';
Usage
pgextwlist implements extension whitelisting: only explicitly allowed extensions can be installed, and whitelisted extensions are installed with superuser privileges even when requested by non-superusers.
Configuration
Add to postgresql.conf:
local_preload_libraries = 'pgextwlist'
extwlist.extensions = 'hstore,cube,pg_stat_statements'
Or per-role:
ALTER ROLE adminuser SET extwlist.extensions = 'pg_stat_statements, postgis';
| Parameter | Description |
|---|---|
extwlist.extensions | Comma-separated list of whitelisted extensions |
extwlist.custom_path | Filesystem path for custom pre/post scripts |
Behavior
Non-superusers can install whitelisted extensions:
-- Allowed (hstore is whitelisted)
CREATE EXTENSION hstore;
-- Blocked (not whitelisted)
CREATE EXTENSION earthdistance;
-- ERROR: extension "earthdistance" is not whitelisted
Operations CREATE EXTENSION, DROP EXTENSION, ALTER EXTENSION ... UPDATE, and COMMENT ON EXTENSION are run as superuser for whitelisted extensions.
Custom Scripts
Place scripts in ${extwlist.custom_path}/extname/:
| Script | When |
|---|---|
before--1.0.sql | Before installing version 1.0 |
before-create.sql | Before CREATE (fallback) |
after--1.0.sql | After installing version 1.0 |
after-create.sql | After CREATE (fallback) |
before-update.sql / after-update.sql | Around ALTER EXTENSION UPDATE |
before-drop.sql / after-drop.sql | Around DROP EXTENSION |
Custom scripts support template variables: @extschema@, @current_user@, @database_owner@.
Feedback
Was this page helpful?
Thanks for the feedback! Please let us know how we can improve.
Sorry to hear that. Please let us know how we can improve.