Log file permissions?
This is a discussion on Log file permissions? within the Pgsql General forums, part of the PostgreSQL category; --> I've noticed that by default postgres writes its log files read/write only by the postgres user. I have a ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 12:19 AM
| ||||
| ||||
 Log file permissions? I've noticed that by default postgres writes its log files read/write only by the postgres user. I have a nagios user I want to be able to analyse the logs. Is there a way to make postgres output them so they can be read by a group? Or am I going to have to write a script? Glyn __________________________________________________ ________ Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq      |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? On 1/31/08, Glyn Astill <glynastill@yahoo.co.uk> wrote: > I've noticed that by default postgres writes its log files read/write > only by the postgres user. > > I have a nagios user I want to be able to analyse the logs. > > Is there a way to make postgres output them so they can be read by a > group? Or am I going to have to write a script? PG itself only writes to stdout/stderr or uses syslog(). The way logs are generated and stored is distro-specific, so you need to look at how your distro does things (perhaps modifying the startup script). -Doug ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org/ |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? Douglas McNaught wrote: > On 1/31/08, Glyn Astill <glynastill@yahoo.co.uk> wrote: > > I've noticed that by default postgres writes its log files read/write > > only by the postgres user. > > > > I have a nagios user I want to be able to analyse the logs. > > > > Is there a way to make postgres output them so they can be read by a > > group? Or am I going to have to write a script? > > PG itself only writes to stdout/stderr or uses syslog(). The way logs > are generated and stored is distro-specific, so you need to look at > how your distro does things (perhaps modifying the startup script). Actually, as of 8.0 there is specialized process that captures stderr and saves it to log files. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? Glyn Astill wrote: > I'm not piping it to a file, postgres is managing the logs. Is there > any way to manage the permissions, or do I just need to create a > script to change the permissions? I think you should be able to chmod the files after they have been created. The postmaster changes its umask to 0077, so no file is group-readable. I don't think is configurable either. Perhaps we should add a log_file_group option, to which we would chgrp() the log files. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk) |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk) -- regards, jr. (jr@tailorware.org.uk) |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk) -- regards, jr. (jr@tailorware.org.uk) |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote: > Glyn Astill wrote: > >> I'm not piping it to a file, postgres is managing the logs. Is there >> any way to manage the permissions, or do I just need to create a >> script to change the permissions? > > I think you should be able to chmod the files after they have been > created. The postmaster changes its umask to 0077, so no file is > group-readable. I don't think is configurable either. just move the logs into a subdir which has permissions applied to it, then not worry about the files inside, since nobody can break through the directory anyhow. ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings |
|
04-10-2008, 12:19 AM
| |||
| |||
| Re: Log file permissions? Vivek Khera wrote: > > On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote: > >> I think you should be able to chmod the files after they have been >> created. The postmaster changes its umask to 0077, so no file is >> group-readable. I don't think is configurable either. > > just move the logs into a subdir which has permissions applied to it, > then not worry about the files inside, since nobody can break through > the directory anyhow. That doesn't work because the files won't be readable by anyone but the postgres user. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster |
|
04-10-2008, 12:19 AM
| ||||
| ||||
| Re: Log file permissions? Alvaro Herrera wrote: > Vivek Khera wrote: > >> On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote: >> >> >>> I think you should be able to chmod the files after they have been >>> created. The postmaster changes its umask to 0077, so no file is >>> group-readable. I don't think is configurable either. >>> >> just move the logs into a subdir which has permissions applied to it, >> then not worry about the files inside, since nobody can break through >> the directory anyhow. >> > > That doesn't work because the files won't be readable by anyone but the > postgres user. > > You could just write a cron job that periodically goes to the log directory and changes the permissions on the existing log files to allow reading by whatever group owns the log files, then make nagios a member of that group. Even if the log file is currently in use, once you change the permissions, they should stick. Of course, there would be a permission change lag between the time the log file switch occurs and the cron job runs... As to Alvaro's recommendation of having a setting to change the log group, I think another idea would be to have a 'log_rotate_script' setting...thus allowing a script to be called with the log file name after a log file is rotated. In such a case one could archive off existing files, and since the switch to a new log file had already occurred, also change permissions, etc if needed. -- Chander Ganesan The Open Technology Group One Copley Parkway, Suite 210 Morrisville, NC 27560 Phone: 877-258-8987/919-463-0999 http://www.otg-nc.com |
Linear Mode
