Re: log files and permissions
Michael Tharp <gxti@partiallystapled.com>
From: Michael Tharp <gxti@partiallystapled.com>
To: Kevin Grittner <Kevin.Grittner@wicourts.gov>
Cc: Martin Pihlak <martin.pihlak@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-07-01T17:19:16Z
Lists: pgsql-hackers
On 07/01/2010 12:56 PM, Kevin Grittner wrote: > I just tried creating a symbolic link to the pg_log directory and > flagging the existing logs within it to 640. As a member of the > group I was able to list and view the contents of log files through > the symbolic link, even though I didn't have any authority to the > PostgreSQL data directory. > > That seems potentially useful to me. Symlinks are exactly equivalent to using the target of the link. Your permissions are probably already arranged so that you (as a group member) can access the files. Fedora's initscript seems to deliberately revoke group permissions from PGDATA and pg_log so I'm guessing that at some point some things were created with some group permissions. That said, as Martin mentions one can easily place the log directory outside of the data directory and set appropriate directory permissions. -- m. tharp