v.23.8Improvement

Allow Restriction of Allowed Paths for Filesystem Caches

Published: November 25, 2025

Allow to restrict allowed paths for filesystem caches. Mainly useful for dynamic disks. If in server config filesystem_caches_path is specified, all filesystem caches' paths will be restricted to this directory. E.g. if the path in cache config is relative - it will be put in filesystem_caches_path; if path in cache config is absolute, it will be required to lie inside filesystem_caches_path. If filesystem_caches_path is not specified in config, then behaviour will be the same as in earlier versions. #53124 (Kseniia Sumarokova).

Restrict allowed paths for filesystem caches by specifying a root directory in the server configuration.

Why it matters

This feature improves security and manageability for dynamic disks by ensuring all filesystem cache paths are confined within a specified directory. It prevents unauthorized or accidental use of paths outside the designated cache area, providing better control over cache storage locations.

How to use it

To enable this restriction, set the filesystem_caches_path parameter in the ClickHouse server configuration file. Relative path values in cache configurations will be placed inside this directory, while absolute path values must lie within it. If filesystem_caches_path is not set, cache paths behave as in previous versions without restrictions.

Related resources

Pull Request #53124