Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit3ec694e

Browse files
committed
Add a log_file_mode GUC that allows control of the file permissions set on
log files created by the syslogger process.In passing, make unix_file_permissions display its value in octal, sameas log_file_mode now does.Martin Pihlak
1 parent6b0937c commit3ec694e

File tree

5 files changed

+129
-62
lines changed

5 files changed

+129
-62
lines changed

‎doc/src/sgml/config.sgml

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.295 2010/07/1611:20:23 heikki Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.296 2010/07/1622:25:47 tgl Exp $ -->
22

33
<chapter Id="runtime-config">
44
<title>Server Configuration</title>
@@ -2844,6 +2844,39 @@ local0.* /var/log/postgresql
28442844
</listitem>
28452845
</varlistentry>
28462846

2847+
<varlistentry id="guc-log-file-mode" xreflabel="log_file_mode">
2848+
<term><varname>log_file_mode</varname> (<type>integer</type>)</term>
2849+
<indexterm>
2850+
<primary><varname>log_file_mode</> configuration parameter</primary>
2851+
</indexterm>
2852+
<listitem>
2853+
<para>
2854+
On Unix systems this parameter sets the permissions for log files
2855+
when <varname>logging_collector</varname> is enabled. (On Microsoft
2856+
Windows this parameter is ignored.)
2857+
The parameter value is expected to be a numeric mode
2858+
specified in the format accepted by the
2859+
<function>chmod</function> and <function>umask</function>
2860+
system calls. (To use the customary octal format the number
2861+
must start with a <literal>0</literal> (zero).)
2862+
</para>
2863+
<para>
2864+
The default permissions are <literal>0600</>, meaning only the
2865+
server owner can read or write the log files. The other commonly
2866+
useful setting is <literal>0640</>, allowing members of the owner's
2867+
group to read the files. Note however that to make use of such a
2868+
setting, you'll need to alter <xref linkend="guc-log-directory"> to
2869+
store the files somewhere outside the cluster data directory. In
2870+
any case, it's unwise to make the log files world-readable, since
2871+
they might contain sensitive data.
2872+
</para>
2873+
<para>
2874+
This parameter can only be set in the <filename>postgresql.conf</>
2875+
file or on the server command line.
2876+
</para>
2877+
</listitem>
2878+
</varlistentry>
2879+
28472880
<varlistentry id="guc-log-rotation-age" xreflabel="log_rotation_age">
28482881
<term><varname>log_rotation_age</varname> (<type>integer</type>)</term>
28492882
<indexterm>

‎src/backend/postmaster/syslogger.c

Lines changed: 51 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
*
1919
*
2020
* IDENTIFICATION
21-
* $PostgreSQL: pgsql/src/backend/postmaster/syslogger.c,v 1.58 2010/07/06 19:18:57 momjian Exp $
21+
* $PostgreSQL: pgsql/src/backend/postmaster/syslogger.c,v 1.59 2010/07/16 22:25:50 tgl Exp $
2222
*
2323
*-------------------------------------------------------------------------
2424
*/
@@ -73,6 +73,7 @@ intLog_RotationSize = 10 * 1024;
7373
char*Log_directory=NULL;
7474
char*Log_filename=NULL;
7575
boolLog_truncate_on_rotation= false;
76+
intLog_file_mode=0600;
7677

7778
/*
7879
* Globally visible state (used by elog.c)
@@ -135,6 +136,8 @@ static void syslogger_parseArgs(int argc, char *argv[]);
135136
staticvoidprocess_pipe_input(char*logbuffer,int*bytes_in_logbuffer);
136137
staticvoidflush_pipe_input(char*logbuffer,int*bytes_in_logbuffer);
137138
staticvoidopen_csvlogfile(void);
139+
staticFILE*logfile_open(constchar*filename,constchar*mode,
140+
boolallow_errors);
138141

139142
#ifdefWIN32
140143
staticunsignedint __stdcallpipeThread(void*arg);
@@ -516,15 +519,7 @@ SysLogger_Start(void)
516519
*/
517520
filename=logfile_getname(time(NULL),NULL);
518521

519-
syslogFile=fopen(filename,"a");
520-
521-
if (!syslogFile)
522-
ereport(FATAL,
523-
(errcode_for_file_access(),
524-
(errmsg("could not create log file \"%s\": %m",
525-
filename))));
526-
527-
setvbuf(syslogFile,NULL,LBF_MODE,0);
522+
syslogFile=logfile_open(filename,"a", false);
528523

529524
pfree(filename);
530525

@@ -1000,28 +995,56 @@ static void
1000995
open_csvlogfile(void)
1001996
{
1002997
char*filename;
1003-
FILE*fh;
1004998

1005999
filename=logfile_getname(time(NULL),".csv");
10061000

1007-
fh=fopen(filename,"a");
1001+
csvlogFile=logfile_open(filename,"a", false);
10081002

1009-
if (!fh)
1010-
ereport(FATAL,
1011-
(errcode_for_file_access(),
1012-
(errmsg("could not create log file \"%s\": %m",
1013-
filename))));
1003+
pfree(filename);
1004+
}
1005+
1006+
/*
1007+
* Open a new logfile with proper permissions and buffering options.
1008+
*
1009+
* If allow_errors is true, we just log any open failure and return NULL
1010+
* (with errno still correct for the fopen failure).
1011+
* Otherwise, errors are treated as fatal.
1012+
*/
1013+
staticFILE*
1014+
logfile_open(constchar*filename,constchar*mode,boolallow_errors)
1015+
{
1016+
FILE*fh;
1017+
mode_toumask;
10141018

1015-
setvbuf(fh,NULL,LBF_MODE,0);
1019+
/*
1020+
* Note we do not let Log_file_mode disable IWUSR, since we certainly
1021+
* want to be able to write the files ourselves.
1022+
*/
1023+
oumask=umask((mode_t) ((~(Log_file_mode |S_IWUSR))&0777));
1024+
fh=fopen(filename,mode);
1025+
umask(oumask);
1026+
1027+
if (fh)
1028+
{
1029+
setvbuf(fh,NULL,LBF_MODE,0);
10161030

10171031
#ifdefWIN32
1018-
_setmode(_fileno(fh),_O_TEXT);/* use CRLF line endings on Windows */
1032+
/* use CRLF line endings on Windows */
1033+
_setmode(_fileno(fh),_O_TEXT);
10191034
#endif
1035+
}
1036+
else
1037+
{
1038+
intsave_errno=errno;
10201039

1021-
csvlogFile=fh;
1022-
1023-
pfree(filename);
1040+
ereport(allow_errors ?LOG :FATAL,
1041+
(errcode_for_file_access(),
1042+
errmsg("could not open log file \"%s\": %m",
1043+
filename)));
1044+
errno=save_errno;
1045+
}
10241046

1047+
returnfh;
10251048
}
10261049

10271050
/*
@@ -1070,26 +1093,19 @@ logfile_rotate(bool time_based_rotation, int size_rotation_for)
10701093
if (Log_truncate_on_rotation&&time_based_rotation&&
10711094
last_file_name!=NULL&&
10721095
strcmp(filename,last_file_name)!=0)
1073-
fh=fopen(filename,"w");
1096+
fh=logfile_open(filename,"w", true);
10741097
else
1075-
fh=fopen(filename,"a");
1098+
fh=logfile_open(filename,"a", true);
10761099

10771100
if (!fh)
10781101
{
1079-
intsaveerrno=errno;
1080-
1081-
ereport(LOG,
1082-
(errcode_for_file_access(),
1083-
errmsg("could not open new log file \"%s\": %m",
1084-
filename)));
1085-
10861102
/*
10871103
* ENFILE/EMFILE are not too surprising on a busy system; just
10881104
* keep using the old file till we manage to get a new one.
10891105
* Otherwise, assume something's wrong with Log_directory and stop
10901106
* trying to create files.
10911107
*/
1092-
if (saveerrno!=ENFILE&&saveerrno!=EMFILE)
1108+
if (errno!=ENFILE&&errno!=EMFILE)
10931109
{
10941110
ereport(LOG,
10951111
(errmsg("disabling automatic rotation (use SIGHUP to re-enable)")));
@@ -1104,12 +1120,6 @@ logfile_rotate(bool time_based_rotation, int size_rotation_for)
11041120
return;
11051121
}
11061122

1107-
setvbuf(fh,NULL,LBF_MODE,0);
1108-
1109-
#ifdefWIN32
1110-
_setmode(_fileno(fh),_O_TEXT);/* use CRLF line endings on Windows */
1111-
#endif
1112-
11131123
fclose(syslogFile);
11141124
syslogFile=fh;
11151125

@@ -1128,26 +1138,19 @@ logfile_rotate(bool time_based_rotation, int size_rotation_for)
11281138
if (Log_truncate_on_rotation&&time_based_rotation&&
11291139
last_csv_file_name!=NULL&&
11301140
strcmp(csvfilename,last_csv_file_name)!=0)
1131-
fh=fopen(csvfilename,"w");
1141+
fh=logfile_open(csvfilename,"w", true);
11321142
else
1133-
fh=fopen(csvfilename,"a");
1143+
fh=logfile_open(csvfilename,"a", true);
11341144

11351145
if (!fh)
11361146
{
1137-
intsaveerrno=errno;
1138-
1139-
ereport(LOG,
1140-
(errcode_for_file_access(),
1141-
errmsg("could not open new log file \"%s\": %m",
1142-
csvfilename)));
1143-
11441147
/*
11451148
* ENFILE/EMFILE are not too surprising on a busy system; just
11461149
* keep using the old file till we manage to get a new one.
11471150
* Otherwise, assume something's wrong with Log_directory and stop
11481151
* trying to create files.
11491152
*/
1150-
if (saveerrno!=ENFILE&&saveerrno!=EMFILE)
1153+
if (errno!=ENFILE&&errno!=EMFILE)
11511154
{
11521155
ereport(LOG,
11531156
(errmsg("disabling automatic rotation (use SIGHUP to re-enable)")));
@@ -1162,12 +1165,6 @@ logfile_rotate(bool time_based_rotation, int size_rotation_for)
11621165
return;
11631166
}
11641167

1165-
setvbuf(fh,NULL,LBF_MODE,0);
1166-
1167-
#ifdefWIN32
1168-
_setmode(_fileno(fh),_O_TEXT);/* use CRLF line endings on Windows */
1169-
#endif
1170-
11711168
fclose(csvlogFile);
11721169
csvlogFile=fh;
11731170

‎src/backend/utils/misc/guc.c

Lines changed: 40 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
* Written by Peter Eisentraut <peter_e@gmx.net>.
1111
*
1212
* IDENTIFICATION
13-
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.561 2010/07/06 22:55:26 rhaas Exp $
13+
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.562 2010/07/16 22:25:50 tgl Exp $
1414
*
1515
*--------------------------------------------------------------------
1616
*/
@@ -174,6 +174,8 @@ static bool assign_autovacuum_max_workers(int newval, bool doit, GucSource sourc
174174
staticboolassign_effective_io_concurrency(intnewval,booldoit,GucSourcesource);
175175
staticconstchar*assign_pgstat_temp_directory(constchar*newval,booldoit,GucSourcesource);
176176
staticconstchar*assign_application_name(constchar*newval,booldoit,GucSourcesource);
177+
staticconstchar*show_unix_socket_permissions(void);
178+
staticconstchar*show_log_file_mode(void);
177179

178180
staticchar*config_enum_get_options(structconfig_enum*record,
179181
constchar*prefix,constchar*suffix,
@@ -1454,13 +1456,27 @@ static struct config_int ConfigureNamesInt[] =
14541456
{"unix_socket_permissions",PGC_POSTMASTER,CONN_AUTH_SETTINGS,
14551457
gettext_noop("Sets the access permissions of the Unix-domain socket."),
14561458
gettext_noop("Unix-domain sockets use the usual Unix file system "
1457-
"permission set. The parameter value is expected to be a numeric mode "
1458-
"specification in the form accepted by the chmod and umask system "
1459-
"calls. (To use the customary octal format the number must start with "
1460-
"a 0 (zero).)")
1459+
"permission set. The parameter value is expected "
1460+
"to be a numeric mode specification in the form "
1461+
"accepted by the chmod and umask system calls. "
1462+
"(To use the customary octal format the number must "
1463+
"start with a 0 (zero).)")
14611464
},
14621465
&Unix_socket_permissions,
1463-
0777,0000,0777,NULL,NULL
1466+
0777,0000,0777,NULL,show_unix_socket_permissions
1467+
},
1468+
1469+
{
1470+
{"log_file_mode",PGC_SIGHUP,LOGGING_WHERE,
1471+
gettext_noop("Sets the file permissions for log files."),
1472+
gettext_noop("The parameter value is expected "
1473+
"to be a numeric mode specification in the form "
1474+
"accepted by the chmod and umask system calls. "
1475+
"(To use the customary octal format the number must "
1476+
"start with a 0 (zero).)")
1477+
},
1478+
&Log_file_mode,
1479+
0600,0000,0777,NULL,show_log_file_mode
14641480
},
14651481

14661482
{
@@ -8084,4 +8100,22 @@ assign_application_name(const char *newval, bool doit, GucSource source)
80848100
returnnewval;
80858101
}
80868102

8103+
staticconstchar*
8104+
show_unix_socket_permissions(void)
8105+
{
8106+
staticcharbuf[8];
8107+
8108+
snprintf(buf,sizeof(buf),"%04o",Unix_socket_permissions);
8109+
returnbuf;
8110+
}
8111+
8112+
staticconstchar*
8113+
show_log_file_mode(void)
8114+
{
8115+
staticcharbuf[8];
8116+
8117+
snprintf(buf,sizeof(buf),"%04o",Log_file_mode);
8118+
returnbuf;
8119+
}
8120+
80878121
#include"guc-file.c"

‎src/backend/utils/misc/postgresql.conf.sample

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -269,6 +269,8 @@
269269
# can be absolute or relative to PGDATA
270270
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'# log file name pattern,
271271
# can include strftime() escapes
272+
#log_file_mode = 0600# creation mode for log files,
273+
# begin with 0 to use octal notation
272274
#log_truncate_on_rotation = off# If on, an existing log file of the
273275
# same name as the new log file will be
274276
# truncated rather than appended to.

‎src/include/postmaster/syslogger.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
*
66
* Copyright (c) 2004-2010, PostgreSQL Global Development Group
77
*
8-
* $PostgreSQL: pgsql/src/include/postmaster/syslogger.h,v 1.16 2010/01/02 16:58:08 momjian Exp $
8+
* $PostgreSQL: pgsql/src/include/postmaster/syslogger.h,v 1.17 2010/07/16 22:25:51 tgl Exp $
99
*
1010
*-------------------------------------------------------------------------
1111
*/
@@ -68,6 +68,7 @@ extern intLog_RotationSize;
6868
externPGDLLIMPORTchar*Log_directory;
6969
externPGDLLIMPORTchar*Log_filename;
7070
externboolLog_truncate_on_rotation;
71+
externintLog_file_mode;
7172

7273
externboolam_syslogger;
7374

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp