# Restricting Local File System Access

SingleStore provides two engine variables that control how SQL statements interact with the server's local file system.

## `local_file_system_access_restricted`

The `local_file_system_access_restricted` engine variable controls whether SQL statements can read from or write to the local file system on the server.

| Property | Value  |
| -------- | ------ |
| Default  | `OFF`  |
| Scope    | Global |
| Dynamic  | Yes    |

When set to `ON`, the following operations are blocked:

* `SELECT ... INTO OUTFILE`
* `SELECT ... INTO FS`
* `LOAD DATA ... INFILE` (without `LOCAL`)
* `CREATE PIPELINE ... LOAD DATA FS`

By default, this engine variable is set to `OFF`, which allows any user with the appropriate privileges (`FILE READ` or `FILE WRITE`) to access files anywhere on the server's file system unless access is further restricted by `secure_file_priv`.

> **📝 Note**: SingleStore recommends setting this engine variable to `ON` unless local file system access is explicitly required. The variable defaults to `OFF` for backward compatibility with existing deployments that rely on local file import and export workflows. In this mode, any user with `FILE READ` or `FILE WRITE` privileges can access files anywhere on the server's file system unless further restricted by the `secure_file_priv` engine variable.

To persist across restarts, add the following to the engine configuration file (`memsql.cnf`) on every node:

```shell
[server]
local_file_system_access_restricted = ON
```

## `secure_file_priv`

If your workload requires local file system access and you cannot disable `local_file_system_access_restricted`, set `secure_file_priv` to restrict file operations to a specific directory.

The `secure_file_priv` engine variable limits the directories from which `LOAD DATA` can read and to which `SELECT ... INTO OUTFILE` can write.

| Property | Value                |
| -------- | -------------------- |
| Default  | `NULL`(unrestricted) |
| Scope    | Global               |
| Dynamic  | Yes                  |

When `secure_file_priv` is set to `NULL` (default value), a user with the `FILE WRITE` privilege can write files to any location on the server's file system accessible to the `memsqld` process. This includes overwriting configuration files or writing to sensitive directories.

When set to a directory path, users with `FILE READ` or `FILE WRITE` privileges can only access files within that directory or its subdirectories.

Use the following command to set the engine variable:

```sql
SET GLOBAL secure_file_priv = '/var/lib/memsql/data/export';
```

To persist across restarts, add the following to the engine configuration file (`memsql.cnf`) on every node:

```shell
[server]
secure_file_priv = /var/lib/memsql/data/export
```

Ensure the directory exists and has appropriate permissions before setting this variable.

## Best Practices

Apply one of the following configurations for different scenarios:

| Scenario                                                  | Recommended Configuration                                                                  | Behavior                                                                                                                             |
| --------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
| Local file I/O needed, unrestricted                       | `local_file_system_access_restricted = OFF`(default) and`secure_file_priv = NULL`(default) | File I/O is allowed anywhere on the server's file system accessible to the`memsqld`process.                                          |
| Local file I/O needed, restricted to a specific directory | `local_file_system_access_restricted = OFF`(default) and`secure_file_priv = path/to/dir`   | File I/O is allowed only within the specified directory and its subdirectories.                                                      |
| No local file I/O needed                                  | `local_file_system_access_restricted = ON`and`secure_file_priv = <any value>`              | All local file system access is blocked.`local_file_system_access_restricted`takes precedence and`secure_file_priv`is not evaluated. |

***

Modified at: July 17, 2026

Source: [/db/v9.1/security/restricting-local-file-system-access/](https://docs.singlestore.com/db/v9.1/security/restricting-local-file-system-access/)

(An index of the documentation is available at /llms.txt)
