* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Martin Pihlak <martin.pihlak@gmail.com> writes:
> > It'd be convenient if the log files would have group read access. Then we could
> > make all the DBA or monitoring users members of the postgres group and they'd
> > have direct access to the logs. However, as the "group read" is not likely a
> > universally correct setting, the creation mode needs to be configurable.
>
> It doesn't appear to me that this helps unless you are willing to make
> the containing director(ies) group-readable/executable as well, which is
> something we've resisted doing.
Perhaps we should have a umask-like GUC instead of this?
In the end, I agree with and completely understand the OP's complaint.
I havn't run into this issue much since, on Debian systems, we use
logrotate to move log files around and use the copy/truncate method
there, so permissions end up being preserved once an admin has decided
to change them. Might be something to consider, but, really, we should
give the admin some flexibility here, even if the default is the same as
current behaviour.
I'll refrain from bringing up the fact that we're concerned about log
files having group permissions by default, but we ship with "trust" in
pg_hba.conf...
Thanks,
Stephen
