On Fri, Mar 09, 2012 at 10:18:31AM -0500, Tom Lane wrote: > Bruce Momjian <br...@momjian.us> writes: > > What do people think of pg_upgrade setting its umask to 0077 so the log > > and SQL files are only readable by the postgres user? > > +1 for restricting the log files, but I'm dubious that you should alter > the existing permissions on copied files in any way. > > IOW, umask seems like the wrong tool.
I was afraid you would say that. :-( The problem is that these files are being created often by shell redirects, e.g. pg_dump -f out 2> log_file. There is no clean way to control the file creation permissions in this case --- only umask gives us a process-level setting. Actually, one crafty idea would be to do the umask only when I exec something, and when I create the initial files with the new banner you suggested. Let me look into that. Frankly, the permissions are already being modified by the default umask, e.g. 0022. Do we want a zero umask? -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
