From: | Dick Snippe <Dick(dot)Snippe(at)tech(dot)omroep(dot)nl> |
---|---|
To: | "Jim C(dot) Nasby" <jim(at)nasby(dot)net> |
Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Dick Snippe <Dick(dot)Snippe(at)tech(dot)omroep(dot)nl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #2088: logfiles only readable by instance owner |
Date: | 2005-12-02 22:30:21 |
Message-ID: | 20051202223020.GB3932@tech.omroep.nl |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Fri, Dec 02, 2005 at 02:11:06PM -0600, Jim C. Nasby wrote:
> On Fri, Dec 02, 2005 at 12:59:17PM -0500, Bruce Momjian wrote:
> > Dick Snippe wrote:
> > > On Fri, Dec 02, 2005 at 12:30:17AM -0500, Tom Lane wrote:
> > >
> > > > "Dick Snippe" <Dick(dot)Snippe(at)tech(dot)omroep(dot)nl> writes:
> > > > > setting umask 077 makes sense for the data files, but not per se for the
> > > > > logfile.
> > > >
> > > > The logfile typically contains data just as sensitive as the data files,
> > >
> > > true.
> > >
> > > > so I disagree.
> > >
> > > we run postgresql as a database engine behind a number of websites.
> > > Typically all the data in the database is public data . It would be very
> > > nice if there was a method of letting our developers _read_ the logfile,
> > > without giving them _write_ access to the data files.
> > >
> > > What wrong with making this configurable?
> >
> > We can't add every features that people ask for or our software would be
> > unusable. If your log files recycle at midnight, can't you run a cron
> > job to chmod it? I suppose if you can find other users who would like
> > to set the mode flags on the file, we can add it.
>
> Would it be possible to rely on setting umask in the shell instead of
> hardcoding 077? I guess that would end up being dependant on different
> startup scripts though, so it's probably not a good idea.
*mumble* mysql *mumble* $UMASK *mumble* $UMASK_DIR *nuff said* :-)
> An alternative is to just use syslog. Or I believe you could use a
> log-rotation program that allows you to define permissions and tell
> PostgreSQL not to rotate.
I used to use syslog, but prefer direct file logging, because it keeps the
logfiles closer to the application (e.g. useful when running more than 1
instance on the same host)
Using a log rotation program is possible (apache rotatelogs comes to mind),
but that would require starting postgresql with something like
postmaster | rotatelogs
and just hope that rotetelogs doesn't die in the weeks or months that
postmaster runs. Also postmaster can't be started as a daemon in this case.
The other log rotation option (typically logrotate; e.g. let postgresql
log to file and periodically rotate that file by using an external
script) may not be an option, because I'm not sure that postgresql
closes and reopens its logfiles when it receives a sighup.
I think I'll stick to touching the logfiles 5 minutes before postmaster
may decide to create them.
--
Dick Snippe - een Coordinator Publieke Omroep Internet Services
Gebouw 12.401 (peperbus) Sumatralaan 45 Hilversum \ fight war
tel +31 35 6774252, email beheer(at)omroep(dot)nl []() \ not wars
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-12-02 23:14:58 | Re: BUG #2090: error in man-page of postmaster |
Previous Message | Dick Snippe | 2005-12-02 22:16:03 | Re: BUG #2088: logfiles only readable by instance owner |