Hi, Tom,
On Mon, Oct 29, 2018 at 5:08 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Igor Korot <ikorot01@gmail.com> writes:
> > On Mon, Oct 29, 2018 at 1:56 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >> You can set up the log files as readable by the OS group of the server
> >> (see log_file_mode), and then grant membership in that group to whichever
> >> OS accounts you trust. You may also need to move the log directory
> >> out from under $PGDATA to make that work, since PG doesn't like
> >> world-readable data directories.
>
> > I'm trying to make the log file of PG readable of the user who logs in
> > to the current
> > OS session. I don't need a write permission, just read.
> > Because my program will not be started from the "postgres" account.
>
> Well, any such setup is a serious security hole in itself, because
> there is likely to be sensitive data in the postmaster log, eg
> passwords. (Remember that the log file is global to the whole cluster,
> it will not contain just data relevant to the current session.)
> You should only grant access to people who you trust at more or less
> the level of trust you'd put in the installation DBA.
>
> It may be that these concerns are all irrelevant to you because it's
> a single-user installation anyway, but they're not irrelevant to
> people running multi-user installations. So that's why you can't
> get Postgres to do it. In a single-user installation, maybe you
> should just launch the postmaster as that user.
>
> regards, tom lane
OK, I understand.
Thank you.
