Re: current_logfiles not following group access and instead follows log_file_mode permissions

On Tue, Mar 12, 2019 at 5:03 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> On Tue, Feb 26, 2019 at 12:22:53PM +1100, Haribabu Kommi wrote:
> > I checked the code why the current_logfiles is not implemented as
> > shared memory and found that the current syslogger doesn't attach to
> > the shared memory of the postmaster. To support storing the
> > current_logfiles in shared memory, the syslogger process also needs
> > to attach to the shared memory, this seems to be a new
> > infrastructure change.
>
> I don't think you can do that anyway and we should not do it. Shared
> memory can be reset after a backend exits abnormally, but the
> syslogger lives across that. What you sent upthread to improve the
> documentation is in my opinion sufficient:
>
> https://www.postgresql.org/message-id/CAJrrPGe-v2_LMFD9nHrBEjJy3vVOKJwY3w_h+Fs2nxCJg3PbaA@mail.gmail.com
>
> I would not have split the paragraph you broke into two, but instead
> just add this part in-between:
> + <para>
> + Permissions <literal>0640</literal> are recommended to be
> compatible with
> + <application>initdb</application> option
> <option>--allow-group-access</option>.
> + </para>
> Any objections in doing that?
>

If I remember correctly, in one of the mails, you mentioned that having a
separate
para is better. Attached is the updated patch as per your suggestion.

IMO, this update is just a recommendation to the user, and sometimes it is
still
possible that there may be strict permissions for the log file even the
data directory
is allowed for the group access. So I feel it is still better to update the
permissions
of the current_logfiles to the database files permissions than log file
permissions.

Regards,
Haribabu Kommi
Fujitsu Australia