On Wed, Mar 15, 2017 at 3:00 AM, Tsunakawa, Takayuki <tsunakawa.ta...@jp.fujitsu.com> wrote: > I'm on David's side, too. I don't postmaster to always scan all files at > startup.
+1. Even just doing it during crash recovery, it can take a regrettably long time on machines with tons of relations and a very slow disk. I've been sort of thinking that we should add some logging there so that users know what's happening when that code goes into the tank - I've seen that come up 3 or 4 times now, and I'm getting tired of telling people to run strace to find out. I think Tom's concerns about people doing insecure stuff are excessive. People can do insecure stuff no matter what we do, and trying to prevent them often leads to them doing even-more-insecure stuff. That having been aid, I do wonder whether the idea of allowing group read privileges specifically might be a better concept than a umask, though, because (1) it's not obvious that there's a real use case for anything other than group read privileges, so why not support exactly that to avoid user confusion and (2) umask is a pretty specific concept that may not apply on every platform. For example, AFS has an ACL list instead of using the traditional UNIX permission bits, and I'm not sure Windows has the umask concept exactly either. So wording what we're trying to do a bit more generically might be smart. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers