Re: current_logfiles not following group access and instead followslog_file_mode permissions - Mailing list pgsql-hackers

From Haribabu Kommi
Subject Re: current_logfiles not following group access and instead followslog_file_mode permissions
Date
Msg-id CAJrrPGdVJ0qxZv8hvgV56qsXyXdm03=54XHhPCsLESu-PZ49GQ@mail.gmail.com
Whole thread Raw
In response to Re: current_logfiles not following group access and instead followslog_file_mode permissions  (Stephen Frost <sfrost@snowman.net>)
Responses Re: current_logfiles not following group access and instead followslog_file_mode permissions
List pgsql-hackers

On Thu, Jan 17, 2019 at 5:49 AM Stephen Frost <sfrost@snowman.net> wrote:
Greetings,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Michael Paquier (michael@paquier.xyz) wrote:
> >> On Tue, Jan 15, 2019 at 10:53:30AM -0500, Tom Lane wrote:
> >>> On reflection, maybe the problem is not that we're giving the file
> >>> the wrong permissions, but that we're putting it in the wrong place?
>
> > I'm not really sure putting it into the logfile directory is such a hot
> > idea as users might have set up external log file rotation of files in
> > that directory.  Of course, in that case they'd probably signal PG right
> > afterwards and PG would go write out a new file, but it still seems
> > pretty awkward.  I'm not terribly against solving this issue that way
> > either though, but I tend to think the originally proposed patch is more
> > sensible.
>
> I dunno, I think that the current design was made without any thought
> whatsoever about the log-files-outside-the-data-directory case.  If
> you're trying to set things up that way, it's because you want to give
> logfile read access to people who shouldn't be able to look into the
> data directory proper.  That makes current_logfiles pretty useless
> to such people, as it's now designed.

... or you just want to move the log files to a more sensible location
than the data directory.  The justification for log_file_mode existing
is because you might want to have log files with different privileges,
but that's quite a different thing.

Thanks for sharing your opinions.

The current_logfiles is used to store the meta data information of current 
writing log files, that is different to log files, so giving permissions of the
log file may not be correct,

> Now, if the expectation is that current_logfiles is just an internal
> working file that users shouldn't access directly, then this argument
> is wrong --- but then why is it documented in user-facing docs?

I really couldn't say why it's documented in the user-facing docs, and
for my 2c I don't really think it should be- there's a function to get
that information.  Sprinkling the data directory with files for users to
access directly doesn't exactly fit my view of what a good API looks
like.

The fact that there isn't any discussion about where that file actually
lives does make me suspect you're right that log files outside the data
directory wasn't really contemplated.

I can only think of reading this file by the user directly when the server
is not available, but I don't find any scenario where that is required?

 
> If we're going to accept the patch as-is, then it logically follows
> that we should de-document current_logfiles, because we're taking the
> position that it's an internal temporary file not meant for user access.

... and hopefully we'd get rid of it one day entirely.

If there is no use of it when server is offline, it will be better to remove that
file with an alternative to provide the current log file name.

With group access mode, the default value of log_file_mode is changed,
Attached patch reflects the same in docs.

Regards,
Haribabu Kommi
Fujitsu Australia
Attachment

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Thread-unsafe coding in ecpg
Next
From: David Rowley
Date:
Subject: Re: pg_dump multi VALUES INSERT