On Fri, Jan 13, 2017 at 5:48 PM, Gilles Darold <gilles.dar...@dalibo.com> wrote: > Le 13/01/2017 à 05:26, Michael Paquier a écrit : >> Surely the temporary file of current_logfiles should not be included >> in base backups (look at basebackup.c). Documentation needs to reflect >> that as well. Also, should we have current_logfiles in a base backup? >> I would think no. > Done but can't find any documentation about the file exclusion, do you > have a pointer?
protocol.sgml, in the protocol-replication part. You could search for the paragraph that contains postmaster.opts. There is no real harm in including current_logfiles in base backups, but that's really in the same bag as postmaster.opts or postmaster.pid, particularly if the log file name has a timestamp. >> pg_current_logfile() can be run by *any* user. We had better revoke >> its access in system_views.sql! > Why? There is no special information returned by this function unless > the path but it can be retrieve using show log_directory. log_directory could be an absolute path, and we surely don't want to let normal users have a look at it. For example, "show log_directory" can only be seen by superusers. As Stephen Frost is for a couple of months (years?) on a holly war path against super-user checks in system functions, I think that revoking the access to this function is the best thing to do. It is as well easier to restrict first and relax, the reverse is harder to justify from a compatibility point of view. -- Michael -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers