Re: Log operating system user connecting via unix socket

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: José Arthur Benetasso Villanova <jose(dot)arthur(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Log operating system user connecting via unix socket
Date: 2016-01-17 16:48:52
Message-ID: 13536.1453049332@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> What I think we really want here is logging of the general 'system
> user' for all auth methods instead of only for the 'peer' method.

Well, we don't really know that except in a small subset of auth
methods. I agree that when we do know it, it's useful info to log.

My big beef with the proposed patch is that the log message is emitted
unconditionally. There are lots and lots of users who feel that during
normal operation, *zero* log messages should get emitted. Those villagers
would be on our doorsteps with pitchforks if we shipped this patch as-is.

I would propose that this information should be emitted only when
log_connections is enabled, and indeed that it should be part of the
log_connections message not a separate message. So this leads to
thinking that somehow, the code for individual auth methods should
be able to return an "additional info" field for inclusion in
log_connections. We already have such a concept for auth failures,
cf commit 5e0b5dcab.

> ... and also make it available in pg_stat_activity.

That's moving the goalposts quite a bit, and I'm not sure it's necessary
or even desirable. Let's just get this added to log_connections output,
and then see if there's field demand for more.

regards, tom lane
