From: | "Jim C(dot) Nasby" <jim(at)nasby(dot)net> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Dick Snippe <Dick(dot)Snippe(at)tech(dot)omroep(dot)nl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #2088: logfiles only readable by instance owner |
Date: | 2005-12-02 20:11:06 |
Message-ID: | 20051202201105.GS13642@nasby.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Fri, Dec 02, 2005 at 12:59:17PM -0500, Bruce Momjian wrote:
> Dick Snippe wrote:
> > On Fri, Dec 02, 2005 at 12:30:17AM -0500, Tom Lane wrote:
> >
> > > "Dick Snippe" <Dick(dot)Snippe(at)tech(dot)omroep(dot)nl> writes:
> > > > setting umask 077 makes sense for the data files, but not per se for the
> > > > logfile.
> > >
> > > The logfile typically contains data just as sensitive as the data files,
> >
> > true.
> >
> > > so I disagree.
> >
> > we run postgresql as a database engine behind a number of websites.
> > Typically all the data in the database is public data . It would be very
> > nice if there was a method of letting our developers _read_ the logfile,
> > without giving them _write_ access to the data files.
> >
> > What wrong with making this configurable?
>
> We can't add every features that people ask for or our software would be
> unusable. If your log files recycle at midnight, can't you run a cron
> job to chmod it? I suppose if you can find other users who would like
> to set the mode flags on the file, we can add it.
Would it be possible to rely on setting umask in the shell instead of
hardcoding 077? I guess that would end up being dependant on different
startup scripts though, so it's probably not a good idea.
An alternative is to just use syslog. Or I believe you could use a
log-rotation program that allows you to define permissions and tell
PostgreSQL not to rotate.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
From | Date | Subject | |
---|---|---|---|
Next Message | Dick Snippe | 2005-12-02 22:16:03 | Re: BUG #2088: logfiles only readable by instance owner |
Previous Message | Jim C. Nasby | 2005-12-02 19:57:09 | Re: BUG #2087: Bogus error message on CREATE TRIGGER with a SQL function |