With logging_collector enabled, all the postgres log files are created with
mode 0600. This makes life complicated if users other than "postgres" need
to be able to examine the log files as well. Common example of this is when the
database runs under "postgres" user and DBA-s have named accounts. In order to
examine the log files the DBA then has to go through extra steps to sudo to
"postgres" or equivalent. Another example would be a monitoring script that
runs as an unprivileged user but needs to tail the log files.
It'd be convenient if the log files would have group read access. Then we could
make all the DBA or monitoring users members of the postgres group and they'd
have direct access to the logs. However, as the "group read" is not likely a
universally correct setting, the creation mode needs to be configurable.
Attached is a patch that adds a GUC "log_file_mode" which allows to specify
the creation mode for the log files. Presently it lacks documentation, which
I'll add if the idea is generally acceptable.
PS. I have no idea how all of this would work on Windows, maybe it's not
event relevant there?
pgsql-hackers by date
|Next:||From: Martin Pihlak||Date: 2010-07-01 16:15:58|
|Subject: Re: log files and permissions|
|Previous:||From: Guillaume Lelarge||Date: 2010-07-01 16:11:54|
|Subject: Re: Cannot cancel the change of a tablespace|