Hi, Tom, On Mon, Oct 29, 2018 at 5:08 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > > Igor Korot <ikorot01@xxxxxxxxx> writes: > > On Mon, Oct 29, 2018 at 1:56 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > >> You can set up the log files as readable by the OS group of the server > >> (see log_file_mode), and then grant membership in that group to whichever > >> OS accounts you trust. You may also need to move the log directory > >> out from under $PGDATA to make that work, since PG doesn't like > >> world-readable data directories. > > > I'm trying to make the log file of PG readable of the user who logs in > > to the current > > OS session. I don't need a write permission, just read. > > Because my program will not be started from the "postgres" account. > > Well, any such setup is a serious security hole in itself, because > there is likely to be sensitive data in the postmaster log, eg > passwords. (Remember that the log file is global to the whole cluster, > it will not contain just data relevant to the current session.) > You should only grant access to people who you trust at more or less > the level of trust you'd put in the installation DBA. > > It may be that these concerns are all irrelevant to you because it's > a single-user installation anyway, but they're not irrelevant to > people running multi-user installations. So that's why you can't > get Postgres to do it. In a single-user installation, maybe you > should just launch the postmaster as that user. > > regards, tom lane OK, I understand. Thank you.
