Re: log files and permissions

Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Martin Pihlak <martin.pihlak@gmail.com> writes:
>> It'd be convenient if the log files would have group read access.
>> Then we could make all the DBA or monitoring users members of the
>> postgres group and they'd have direct access to the logs.
>> However, as the "group read" is not likely a universally correct
>> setting, the creation mode needs to be configurable.
> 
> It doesn't appear to me that this helps unless you are willing to
> make the containing director(ies) group-readable/executable as
> well, which is something we've resisted doing.
I just tried creating a symbolic link to the pg_log directory and
flagging the existing logs within it to 640.  As a member of the
group I was able to list and view the contents of log files through
the symbolic link, even though I didn't have any authority to the
PostgreSQL data directory.
That seems potentially useful to me.
-Kevin