On 2018-10-29 14:56:06 -0400, Tom Lane wrote:
> Igor Korot <ikorot01@gmail.com> writes:
> > Or I will have to change the owner/group manuall every time I will
> > access the file?
>
> You can set up the log files as readable by the OS group of the server
> (see log_file_mode), and then grant membership in that group to whichever
> OS accounts you trust.
Another way is to use ACLs. Set a default ACL on the log directory which
enforces read permission for some users or groups on all newly created
files.
This is a bit more fine-grained and may be better suited for situations
where different people should be able to read the logs of different
servers. I also find that ACLs are more likely to survive "corrective"
actions by update or init scripts.
Another way would be to log via syslog and configure syslogd to split
the log files according to the username embedded in the log message.
hp
--
_ | Peter J. Holzer | we build much bigger, better disasters now
|_|_) | | because we have much more sophisticated
| | | hjp@hjp.at | management tools.
__/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
