On 07/01/2010 12:56 PM, Kevin Grittner wrote:
> I just tried creating a symbolic link to the pg_log directory and
> flagging the existing logs within it to 640. As a member of the
> group I was able to list and view the contents of log files through
> the symbolic link, even though I didn't have any authority to the
> PostgreSQL data directory.
>
> That seems potentially useful to me.
Symlinks are exactly equivalent to using the target of the link. Your
permissions are probably already arranged so that you (as a group
member) can access the files. Fedora's initscript seems to deliberately
revoke group permissions from PGDATA and pg_log so I'm guessing that at
some point some things were created with some group permissions.
That said, as Martin mentions one can easily place the log directory
outside of the data directory and set appropriate directory permissions.
-- m. tharp
