Re: current_logfiles not following group access and instead follows log_file_mode permissions

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Gilles Darold <gilles(dot)darold(at)dalibo(dot)com>
Subject: Re: current_logfiles not following group access and instead follows log_file_mode permissions
Date: 2019-02-04 01:16:56
Message-ID: CAJrrPGe-v2_LMFD9nHrBEjJy3vVOKJwY3w_h+Fs2nxCJg3PbaA@mail.gmail.com
Lists: pgsql-hackers

On Fri, Feb 1, 2019 at 7:22 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> On Fri, Jan 18, 2019 at 09:50:40AM -0500, Stephen Frost wrote:
> > Yes, we should update the documentation in this regard, though it's
> > really an independent thing as that documentation should have been
> > updated in the original group-access patch, so I'll see about fixing
> > it and back-patching it.
>
> Stephen, could you apply Hari's patch then? I am not sure what the
> consensus is, but documenting the restriction is the minimum we can
> do.
>
> - The default permissions are <literal>0600</literal>, meaning only the
> - server owner can read or write the log files. The other commonly
> - useful setting is <literal>0640</literal>, allowing members of the
> owner's
> - group to read the files. Note however that to make use of such a
> - setting, you'll need to alter <xref linkend="guc-log-directory"/> to
> - store the files somewhere outside the cluster data directory. In
> - any case, it's unwise to make the log files world-readable, since
> - they might contain sensitive data.
> + The default permissions are either <literal>0600</literal>, meaning
> only the
> + server owner can read or write the log files or
> <literal>0640</literal>, that
> + allows any user in the same group can read the log files, based on
> the new
> + cluster created with <option>--allow-group-access</option> option of
> <command>initdb</command>
> + command. Note however that to make use of any setting other than
> default,
> + you'll need to alter <xref linkend="guc-log-directory"/> to store the
> files
> + somewhere outside the cluster data directory.
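
Review bot: the added paragraph has no counterpart to the closing caution in the removed lines ("it's unwise to make the log files world-readable, since they might contain sensitive data"). That sentence should stay at the end of the new paragraph, since it applies whichever default is in effect. The added clause "that allows any user in the same group can read the log files" also does not parse; wording such as "which allows members of the owner's group to read the log files" would match the phrasing the removed text used.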
>
> I would formulate that differently, by just adding an extra paragraph
> to mention that using <literal>0640</literal> is recommended to be
> compatible with initdb's --allow-group-access instead of sticking it
> in the middle of the existing paragraph.
>

Thanks for the review.
I changed the log_file_mode doc patch as per your comment.

How about the attached?

And regarding current_logfiles permissions, I feel this file should have
permissions of data directory files as it is present in the data directory
whether it stores the information of log file, until this file is completely
removed with another approach to store the log file details.

I am not sure whether this has already been discussed. How about
using shared memory to store the log file names, so that we don't need
this file?

Regards,
Haribabu Kommi
Fujitsu Australia

Attachment Content-Type Size
0001-log_file_mode-recommended-value-update.patch application/octet-stream 1.8 KB
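
A check for the mismatch this thread is about, as an added example that is not part of the original message or of PostgreSQL: it compares the mode of current_logfiles with the file mode implied by the data directory. The function names, the 0750 test for group access and the temporary directory used as sample data are assumptions of the example.

```python
import os
import stat
import tempfile

# Assumption of this example: group access is recognised by the data
# directory carrying mode 0750, and its files are then expected at 0640.
GROUP_DIR_MODE = 0o750

def expected_file_mode(datadir):
    """File mode implied by the data directory: 0640 with group access, else 0600."""
    dir_mode = stat.S_IMODE(os.stat(datadir).st_mode)
    group_access = (dir_mode & GROUP_DIR_MODE) == GROUP_DIR_MODE
    return 0o640 if group_access else 0o600

def audit_current_logfiles(datadir):
    """Return findings for <datadir>/current_logfiles; an empty list means consistent."""
    path = os.path.join(datadir, "current_logfiles")
    try:
        actual = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return []  # nothing to audit: the file does not exist
    expected = expected_file_mode(datadir)
    findings = []
    if actual & 0o007:
        findings.append(f"world-accessible: {actual:04o}")
    if expected & ~actual:
        findings.append(f"narrower than data directory files: {actual:04o}, expected {expected:04o}")
    if actual & ~expected & 0o770:
        findings.append(f"broader than data directory files: {actual:04o}, expected {expected:04o}")
    return findings

def check_case(dir_mode, file_mode):
    """Build a constructed data directory with the given modes and audit it."""
    with tempfile.TemporaryDirectory() as datadir:
        os.chmod(datadir, dir_mode)
        path = os.path.join(datadir, "current_logfiles")
        with open(path, "w") as f:
            f.write("stderr log/postgresql.log\n")  # constructed sample content
        os.chmod(path, file_mode)
        return audit_current_logfiles(datadir)

if __name__ == "__main__":
    # Group-access cluster whose current_logfiles was written with mode 0600.
    for finding in check_case(0o750, 0o600):
        print(finding)
```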
