Re: log files and permissions

Kevin Grittner <kevin.grittner@wicourts.gov>

From: "Kevin Grittner" <Kevin.Grittner@wicourts.gov>
To: "Martin Pihlak" <martin.pihlak@gmail.com>, "Tom Lane" <tgl@sss.pgh.pa.us>
Cc: "PostgreSQL-development" <pgsql-hackers@postgresql.org>
Date: 2010-07-01T16:56:13Z
Lists: pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Martin Pihlak <martin.pihlak@gmail.com> writes:
>> It'd be convenient if the log files would have group read access.
>> Then we could make all the DBA or monitoring users members of the
>> postgres group and they'd have direct access to the logs.
>> However, as the "group read" is not likely a universally correct
>> setting, the creation mode needs to be configurable.
> 
> It doesn't appear to me that this helps unless you are willing to
> make the containing director(ies) group-readable/executable as
> well, which is something we've resisted doing.
 
I just tried creating a symbolic link to the pg_log directory and
flagging the existing logs within it to 640.  As a member of the
group I was able to list and view the contents of log files through
the symbolic link, even though I didn't have any authority to the
PostgreSQL data directory.
 
That seems potentially useful to me.
 
-Kevin