Skip site navigation (1) Skip section navigation (2)

Re: log files and permissions

From: Michael Tharp <gxti(at)partiallystapled(dot)com>
To: Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>
Cc: Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: log files and permissions
Date: 2010-07-01 17:19:16
Message-ID: 4C2CCE14.4030006@partiallystapled.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On 07/01/2010 12:56 PM, Kevin Grittner wrote:
> I just tried creating a symbolic link to the pg_log directory and
> flagging the existing logs within it to 640.  As a member of the
> group I was able to list and view the contents of log files through
> the symbolic link, even though I didn't have any authority to the
> PostgreSQL data directory.
>
> That seems potentially useful to me.

Symlinks are exactly equivalent to using the target of the link. Your 
permissions are probably already arranged so that you (as a group 
member) can access the files. Fedora's initscript seems to deliberately 
revoke group permissions from PGDATA and pg_log so I'm guessing that at 
some point some things were created with some group permissions.

That said, as Martin mentions one can easily place the log directory 
outside of the data directory and set appropriate directory permissions.

-- m. tharp

In response to

Responses

pgsql-hackers by date

Next:From: Stephen J. ButlerDate: 2010-07-01 18:06:33
Subject: Re: log files and permissions
Previous:From: Tom LaneDate: 2010-07-01 17:07:06
Subject: Re: log files and permissions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group