block_copy_command

Block COPY commands via a configurable ProcessUtility hook

Overview

Package	Version	Category	License	Language
`block_copy_command`	`0.1.5`	SEC	BSD 3-Clause	Rust

ID	Extension	Bin	Lib	Load	Create	Trust	Reloc	Schema
7405	`block_copy_command`	No	Yes	Yes	Yes	No	No	-

Requires shared_preload_libraries = block_copy_command.

Version

Type	Repo	Version	PG Ver	Package	Deps
EXT	PIGSTY	`0.1.5`	1817161514	`block_copy_command`	-
RPM	PIGSTY	`0.1.5`	1817161514	`block_copy_command_$v`	-
DEB	PIGSTY	`0.1.5`	1817161514	`postgresql-$v-block-copy-command`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.1.5 el8.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 306.1KiB	PIGSTY 0.1.5 el8.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 306.0KiB	PIGSTY 0.1.5 el8.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.9KiB	PIGSTY 0.1.5 el8.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.9KiB	PIGSTY 0.1.5 el8.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el8.x86_64.rpm PIGSTY · 0.1.5 · 305.6KiB
el8.aarch64	PIGSTY 0.1.5 el8.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.0KiB	PIGSTY 0.1.5 el8.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.1KiB	PIGSTY 0.1.5 el8.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el8.aarch64.rpm PIGSTY · 0.1.5 · 199.0KiB
el9.x86_64	PIGSTY 0.1.5 el9.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.7KiB	PIGSTY 0.1.5 el9.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.6KiB	PIGSTY 0.1.5 el9.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.3KiB	PIGSTY 0.1.5 el9.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.8KiB	PIGSTY 0.1.5 el9.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el9.x86_64.rpm PIGSTY · 0.1.5 · 321.9KiB
el9.aarch64	PIGSTY 0.1.5 el9.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el9.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el9.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.6KiB	PIGSTY 0.1.5 el9.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.0KiB	PIGSTY 0.1.5 el9.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el9.aarch64.rpm PIGSTY · 0.1.5 · 212.5KiB
el10.x86_64	PIGSTY 0.1.5 el10.x86_64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.9KiB	PIGSTY 0.1.5 el10.x86_64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.7KiB	PIGSTY 0.1.5 el10.x86_64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 321.5KiB	PIGSTY 0.1.5 el10.x86_64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 322.0KiB	PIGSTY 0.1.5 el10.x86_64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el10.x86_64.rpm PIGSTY · 0.1.5 · 322.1KiB
el10.aarch64	PIGSTY 0.1.5 el10.aarch64.pg18 : block_copy_command_18 block_copy_command_18-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg17 : block_copy_command_17 block_copy_command_17-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg16 : block_copy_command_16 block_copy_command_16-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg15 : block_copy_command_15 block_copy_command_15-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.1KiB	PIGSTY 0.1.5 el10.aarch64.pg14 : block_copy_command_14 block_copy_command_14-0.1.5-1PIGSTY.el10.aarch64.rpm PIGSTY · 0.1.5 · 212.2KiB
d12.x86_64	PIGSTY 0.1.5 d12.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.3KiB	PIGSTY 0.1.5 d12.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d12.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.1KiB	PIGSTY 0.1.5 d12.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d12.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~bookworm_amd64.deb PIGSTY · 0.1.5 · 248.3KiB
d12.aarch64	PIGSTY 0.1.5 d12.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d12.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~bookworm_arm64.deb PIGSTY · 0.1.5 · 149.9KiB
d13.x86_64	PIGSTY 0.1.5 d13.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 248.3KiB	PIGSTY 0.1.5 d13.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.6KiB	PIGSTY 0.1.5 d13.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 248.2KiB	PIGSTY 0.1.5 d13.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.4KiB	PIGSTY 0.1.5 d13.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~trixie_amd64.deb PIGSTY · 0.1.5 · 247.9KiB
d13.aarch64	PIGSTY 0.1.5 d13.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d13.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 150.0KiB	PIGSTY 0.1.5 d13.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.8KiB	PIGSTY 0.1.5 d13.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB	PIGSTY 0.1.5 d13.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~trixie_arm64.deb PIGSTY · 0.1.5 · 149.9KiB
u22.x86_64	PIGSTY 0.1.5 u22.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 281.0KiB	PIGSTY 0.1.5 u22.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.9KiB	PIGSTY 0.1.5 u22.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 281.0KiB	PIGSTY 0.1.5 u22.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.7KiB	PIGSTY 0.1.5 u22.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~jammy_amd64.deb PIGSTY · 0.1.5 · 280.7KiB
u22.aarch64	PIGSTY 0.1.5 u22.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 174.0KiB	PIGSTY 0.1.5 u22.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 173.9KiB	PIGSTY 0.1.5 u22.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~jammy_arm64.deb PIGSTY · 0.1.5 · 174.0KiB
u24.x86_64	PIGSTY 0.1.5 u24.x86_64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.5KiB	PIGSTY 0.1.5 u24.x86_64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.4KiB	PIGSTY 0.1.5 u24.x86_64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.4KiB	PIGSTY 0.1.5 u24.x86_64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.0KiB	PIGSTY 0.1.5 u24.x86_64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~noble_amd64.deb PIGSTY · 0.1.5 · 278.2KiB
u24.aarch64	PIGSTY 0.1.5 u24.aarch64.pg18 : postgresql-18-block-copy-command postgresql-18-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.4KiB	PIGSTY 0.1.5 u24.aarch64.pg17 : postgresql-17-block-copy-command postgresql-17-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB	PIGSTY 0.1.5 u24.aarch64.pg16 : postgresql-16-block-copy-command postgresql-16-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB	PIGSTY 0.1.5 u24.aarch64.pg15 : postgresql-15-block-copy-command postgresql-15-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 173.0KiB	PIGSTY 0.1.5 u24.aarch64.pg14 : postgresql-14-block-copy-command postgresql-14-block-copy-command_0.1.5-1PIGSTY~noble_arm64.deb PIGSTY · 0.1.5 · 172.8KiB

Build

You can build the RPM / DEB packages for block_copy_command using pig build:

pig build pkg block_copy_command         # build RPM / DEB packages

Install

You can install block_copy_command directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

pig install block_copy_command;          # Install for current active PG version

pig ext install -y block_copy_command -v 18  # PG 18
pig ext install -y block_copy_command -v 17  # PG 17
pig ext install -y block_copy_command -v 16  # PG 16
pig ext install -y block_copy_command -v 15  # PG 15
pig ext install -y block_copy_command -v 14  # PG 14

dnf install -y block_copy_command_18       # PG 18
dnf install -y block_copy_command_17       # PG 17
dnf install -y block_copy_command_16       # PG 16
dnf install -y block_copy_command_15       # PG 15
dnf install -y block_copy_command_14       # PG 14

apt install -y postgresql-18-block-copy-command   # PG 18
apt install -y postgresql-17-block-copy-command   # PG 17
apt install -y postgresql-16-block-copy-command   # PG 16
apt install -y postgresql-15-block-copy-command   # PG 15
apt install -y postgresql-14-block-copy-command   # PG 14

Preload:

shared_preload_libraries = 'block_copy_command';

Create Extension:

CREATE EXTENSION block_copy_command;

Usage

Source: README

block_copy_command installs a ProcessUtility hook that intercepts COPY statements. The hook is cluster-wide once the library is loaded, while CREATE EXTENSION only registers metadata in a database.

Enable It

shared_preload_libraries = 'block_copy_command'

CREATE EXTENSION block_copy_command;

The upstream README lists PostgreSQL 13-18 support.

Blocking Rules

By default, non-superusers cannot run COPY TO or COPY FROM:

COPY my_table TO STDOUT;
COPY my_table FROM STDIN;
COPY (SELECT * FROM my_table) TO '/tmp/out.csv';

Priority is documented as:

block_copy_command.blocked_roles: always blocked, even superusers.
block_copy_command.block_program = on: blocks COPY ... PROGRAM for everyone.
block_copy_command.enabled = off: allows COPY for roles not in blocked_roles.
Superusers otherwise bypass direction blocking.
block_copy_command.block_to and block_copy_command.block_from control export/import blocking for non-superusers.

Main Settings

block_copy_command.enabled: master switch for non-superuser blocking.
block_copy_command.block_to: block COPY TO.
block_copy_command.block_from: block COPY FROM.
block_copy_command.block_program: block COPY TO/FROM PROGRAM for all users.
block_copy_command.hint: append a custom HINT to blocked-command errors.
block_copy_command.blocked_roles: comma-separated always-blocked roles.
block_copy_command.audit_log_enabled: write intercepted events to the audit table.

Audit And Caveats

Allowed and blocked attempts are intercepted, and the extension defines block_copy_command.audit_log plus server-log entries for blocked events. The README notes one important caveat: blocked audit rows are inserted before the error is raised, so they are rolled back with the transaction. In practice, PostgreSQL server logs are the authoritative record for blocked COPY attempts.

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-04-19: update extension stub docs (9f178c3)