Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com> writes:
>> It'd be convenient if the log files would have group read access.
>> Then we could make all the DBA or monitoring users members of the
>> postgres group and they'd have direct access to the logs.
>> However, as the "group read" is not likely a universally correct
>> setting, the creation mode needs to be configurable.
>
> It doesn't appear to me that this helps unless you are willing to
> make the containing director(ies) group-readable/executable as
> well, which is something we've resisted doing.
I just tried creating a symbolic link to the pg_log directory and
flagging the existing logs within it to 640. As a member of the
group I was able to list and view the contents of log files through
the symbolic link, even though I didn't have any authority to the
PostgreSQL data directory.
That seems potentially useful to me.
-Kevin