Re: Fwd: Log file - Mailing list pgsql-general

From Tom Lane
Subject Re: Fwd: Log file
Date
Msg-id 23733.1540847335@sss.pgh.pa.us
In response to Re: Fwd: Log file  (Igor Korot <ikorot01@gmail.com>)
Responses Re: Fwd: Log file  (Igor Korot <ikorot01@gmail.com>)
List pgsql-general
Igor Korot <ikorot01@gmail.com> writes:
> On Mon, Oct 29, 2018 at 1:56 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> You can set up the log files as readable by the OS group of the server
>> (see log_file_mode), and then grant membership in that group to whichever
>> OS accounts you trust.  You may also need to move the log directory
>> out from under $PGDATA to make that work, since PG doesn't like
>> world-readable data directories.

> I'm trying to make the log file of PG readable by the user who logs in
> to the current OS session. I don't need a write permission, just read.
> Because my program will not be started from the "postgres" account.

Well, any such setup is a serious security hole in itself, because
there is likely to be sensitive data in the postmaster log, eg
passwords.  (Remember that the log file is global to the whole cluster,
it will not contain just data relevant to the current session.)
You should only grant access to people who you trust at more or less
the level of trust you'd put in the installation DBA.

It may be that these concerns are all irrelevant to you because it's
a single-user installation anyway, but they're not irrelevant to
people running multi-user installations.  So that's why you can't
get Postgres to do it.  In a single-user installation, maybe you
should just launch the postmaster as that user.

            regards, tom lane
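
A check for the arrangement discussed in this message (logs readable by the server's OS group, kept outside the data directory, not accessible to anyone else), as an added example that is not part of the original post. The function name `audit_log_dir`, the paths and the sample files are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_log_dir(log_dir, data_dir):
    """Return findings for a PostgreSQL log directory shared with an OS group."""
    findings = []
    log_path = Path(log_dir).resolve()
    data_path = Path(data_dir).resolve()

    # The thread advises moving the logs out from under $PGDATA.
    if log_path == data_path or data_path in log_path.parents:
        findings.append(f"{log_path}: inside the data directory")

    # Nothing here should be reachable by accounts outside the trusted group.
    if stat.S_IMODE(log_path.stat().st_mode) & stat.S_IRWXO:
        findings.append(f"{log_path}: directory accessible to other")

    for entry in sorted(log_path.iterdir()):
        if not entry.is_file():
            continue
        mode = stat.S_IMODE(entry.stat().st_mode)
        if mode & stat.S_IRWXO:
            findings.append(f"{entry.name}: accessible to other ({mode:04o})")
        if mode & stat.S_IWGRP:
            findings.append(f"{entry.name}: group-writable ({mode:04o})")
        if not mode & stat.S_IRGRP:
            findings.append(f"{entry.name}: not group-readable ({mode:04o})")
    return findings


if __name__ == "__main__":
    # Constructed sample layout in a temporary directory, not a real cluster.
    root = Path(tempfile.mkdtemp())
    data, logs = root / "data", root / "pglog"
    data.mkdir(mode=0o700)
    logs.mkdir(mode=0o750)
    for name, mode in [("a.log", 0o640), ("b.log", 0o644), ("c.log", 0o600)]:
        (logs / name).write_text("constructed log line\n")
        os.chmod(logs / name, mode)
    for finding in audit_log_dir(logs, data):
        print(finding)
```

With `log_file_mode` set to 0640 and the log directory at mode 0750 outside the data directory, the function returns an empty list.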

