Обсуждение: Log file permissions?
I've noticed that by default postgres writes its log files read/write only by the postgres user. I have a nagios user I want to be able to analyse the logs. Is there a way to make postgres output them so they can be read by a group? Or am I going to have to write a script? Glyn __________________________________________________________ Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
On 1/31/08, Glyn Astill <glynastill@yahoo.co.uk> wrote: > I've noticed that by default postgres writes its log files read/write > only by the postgres user. > > I have a nagios user I want to be able to analyse the logs. > > Is there a way to make postgres output them so they can be read by a > group? Or am I going to have to write a script? PG itself only writes to stdout/stderr or uses syslog(). The way logs are generated and stored is distro-specific, so you need to look at how your distro does things (perhaps modifying the startup script). -Doug
Douglas McNaught wrote: > On 1/31/08, Glyn Astill <glynastill@yahoo.co.uk> wrote: > > I've noticed that by default postgres writes its log files read/write > > only by the postgres user. > > > > I have a nagios user I want to be able to analyse the logs. > > > > Is there a way to make postgres output them so they can be read by a > > group? Or am I going to have to write a script? > > PG itself only writes to stdout/stderr or uses syslog(). The way logs > are generated and stored is distro-specific, so you need to look at > how your distro does things (perhaps modifying the startup script). Actually, as of 8.0 there is specialized process that captures stderr and saves it to log files. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
--- Alvaro Herrera <alvherre@commandprompt.com> wrote: > > > > PG itself only writes to stdout/stderr or uses syslog(). The way > logs > > are generated and stored is distro-specific, so you need to look > at > > how your distro does things (perhaps modifying the startup > script). > > Actually, as of 8.0 there is specialized process that captures > stderr > and saves it to log files. > Yes that's what I thought. I'm not piping it to a file, postgres is managing the logs. Is there any way to manage the permissions, or do I just need to create a script to change the permissions? __________________________________________________________ Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
Glyn Astill wrote: > I'm not piping it to a file, postgres is managing the logs. Is there > any way to manage the permissions, or do I just need to create a > script to change the permissions? I think you should be able to chmod the files after they have been created. The postmaster changes its umask to 0077, so no file is group-readable. I don't think is configurable either. Perhaps we should add a log_file_group option, to which we would chgrp() the log files. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk)
hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk) -- regards, jr. (jr@tailorware.org.uk)
hi, allow me to show-off my ignorance.. I think that logging via 'syslogd' and managing log files with 'logrotate' already meets the requirements. Alvaro Herrera wrote: > > Perhaps we should add a log_file_group option, to which we would chgrp() > the log files. > regards, jr. (jr@tailorware.org.uk) -- regards, jr. (jr@tailorware.org.uk)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 31 Jan 2008 18:13:53 +0000 jr <jorg.raskowski@tailorware.org.uk> wrote: > hi, allow me to show-off my ignorance.. I think that logging via > 'syslogd' and managing log files with 'logrotate' already meets the > requirements. Unless you don't have access to /var/log (on linux) but do have access to postgresql logs. Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHohLkATb/zqfZUUQRAo9BAKCuRHq/nF+NybRfZV7D7a0+VbmRQgCcCZy8 lda+kq5/vmTtfU+yipEnQdc= =G47G -----END PGP SIGNATURE-----
On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote: > Glyn Astill wrote: > >> I'm not piping it to a file, postgres is managing the logs. Is there >> any way to manage the permissions, or do I just need to create a >> script to change the permissions? > > I think you should be able to chmod the files after they have been > created. The postmaster changes its umask to 0077, so no file is > group-readable. I don't think is configurable either. just move the logs into a subdir which has permissions applied to it, then not worry about the files inside, since nobody can break through the directory anyhow.
Vivek Khera wrote: > > On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote: > >> I think you should be able to chmod the files after they have been >> created. The postmaster changes its umask to 0077, so no file is >> group-readable. I don't think is configurable either. > > just move the logs into a subdir which has permissions applied to it, > then not worry about the files inside, since nobody can break through > the directory anyhow. That doesn't work because the files won't be readable by anyone but the postgres user. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
Alvaro Herrera wrote:
As to Alvaro's recommendation of having a setting to change the log group, I think another idea would be to have a 'log_rotate_script' setting...thus allowing a script to be called with the log file name after a log file is rotated. In such a case one could archive off existing files, and since the switch to a new log file had already occurred, also change permissions, etc if needed.
You could just write a cron job that periodically goes to the log directory and changes the permissions on the existing log files to allow reading by whatever group owns the log files, then make nagios a member of that group. Even if the log file is currently in use, once you change the permissions, they should stick. Of course, there would be a permission change lag between the time the log file switch occurs and the cron job runs...Vivek Khera wrote:On Jan 31, 2008, at 10:21 AM, Alvaro Herrera wrote:I think you should be able to chmod the files after they have been created. The postmaster changes its umask to 0077, so no file is group-readable. I don't think is configurable either.just move the logs into a subdir which has permissions applied to it, then not worry about the files inside, since nobody can break through the directory anyhow.That doesn't work because the files won't be readable by anyone but the postgres user.
As to Alvaro's recommendation of having a setting to change the log group, I think another idea would be to have a 'log_rotate_script' setting...thus allowing a script to be called with the log file name after a log file is rotated. In such a case one could archive off existing files, and since the switch to a new log file had already occurred, also change permissions, etc if needed.
-- Chander Ganesan The Open Technology Group One Copley Parkway, Suite 210 Morrisville, NC 27560 Phone: 877-258-8987/919-463-0999 http://www.otg-nc.com