Re: SSL Mode

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: SSL Mode
Дата
Msg-id 200212231756.gBNHuku25815@candle.pha.pa.us
обсуждение исходный текст
Ответ на SSL Mode  ("Rob Abernethy IV" <abernethy@dynedge.com>)
Ответы Re: SSL Mode
Список pgsql-admin
Дерево обсуждения 
I think the file has to have _restricted_ permissions to be accepted.

The check is:

        if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
            buf.st_uid != getuid())
        {
            postmaster_error("bad permissions on private key file (%s)", fnbuf);
            ExitPostmaster(1);

so my guess is that you have to remove group/other permissions on the
file.

---------------------------------------------------------------------------

Rob Abernethy IV wrote:
> I cannot get the postmaster to start up in SSL mode.  I receive the following
> error:
>
> bad permissions on private key file (/var/lib/pgsql/data/server.key)
>
> I've checked the permissions and everything seems to be fine.
>
> ls -al
> total 56
> drwx------    6 postgres postgres     4096 Dec 18 17:17 .
> drwxr--r--    4 postgres postgres     4096 Dec 18 17:17 ..
> drwx------    4 postgres postgres     4096 Dec 18 16:23 base
> drwx------    2 postgres postgres     4096 Dec 18 17:17 global
> drwx------    2 postgres postgres     4096 Dec 18 16:23 pg_clog
> -rw-------    1 postgres postgres     2404 Dec 18 16:41 pg_hba.conf
> -rw-------    1 postgres postgres     1441 Dec 18 16:23 pg_ident.conf
> -rw-------    1 postgres postgres        4 Dec 18 16:23 PG_VERSION
> drwx------    2 postgres postgres     4096 Dec 18 16:23 pg_xlog
> -rw-------    1 postgres postgres     5224 Dec 18 17:17 postgresql.conf
> -rw-------    1 postgres postgres       20 Dec 18 17:16 postmaster.opts
> -rw-r--r--    1 postgres postgres     3223 Dec 18 17:10 server.crt
> -rw-r--r--    1 postgres postgres      887 Dec 18 17:10 server.key
>
> I'm using postgresql-7.3-2PGDG.
>
> Is this the correct list for this type of question?  Thanks.
>
> --
> Robert Abernethy IV
> Dynamic Edge, Inc.
> 734.975.0460
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

В списке pgsql-admin по дате отправления: