Re: [GENERAL] [pgadmin-hackers] file permission on ssl key
From | Ashesh Vashi |
---|---|
Subject | Re: [GENERAL] [pgadmin-hackers] file permission on ssl key |
Date | |
Msg-id | CAG7mmoyoo0g93_bJZh2_H9dT0UA85ofJHG56Rc2T_gqg7B0HeQ@mail.gmail.com |
Responses | Re: [GENERAL] [pgadmin-hackers] file permission on ssl key |
List | pgsql-general |
Hi Jeroen,
This is pgAdmin hackers list.
Please send mail to pgsql-general@postgresql.org mailing list for your postgresql related queries.

On Sun, Apr 23, 2017 at 11:25 PM, Jeroen Jacobs <jeroen.jacobs@headincloud.be> wrote:

Hi,

I'm getting this error when I try to configure ssl with postgres:

Apr 23 13:12:47 pgmaster01 pg_ctl: FATAL: private key file "/etc/ssl/pgmaster01-key.pem" has group or world access
Apr 23 13:12:47 pgmaster01 pg_ctl: DETAIL: Permissions should be u=rw (0600) or less.

The actual permission is:

[centos@pgmaster01 ~]$ ls -l /etc/ssl/pgmaster01-key.pem
-r--r----- 1 root ssl-read 3243 Apr 23 00:00 /etc/ssl/pgmaster01-key.pem

postgres user is part of the ssl-read group. This ssl key is shared with other software as well, so giving exclusive access to the postgres user is NOT an option.

I understand why postgres complains, but I'm pretty sure about what I'm doing here. How can I tell postgres to start anyway, even when it doesn't like those permissions? There should be a way to override this, I'm the admin here, it's up to me to decide to implement my security setup, not the software itself.

So basically I have three options:

- don't use ssl at all (not an option at all, actually)
- create a separate copy of my ssl key file with the correct permissions that postgres likes (ugly workaround)
- use another database server which allows me to configure it how I want it.

I'm actually considering settling for the last solution, due to this crazy restriction you put in place...

Regards,

Jeroen.
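An added example, not part of either message and not PostgreSQL's own code: the rule quoted in the error ("u=rw (0600) or less", meaning no group or world bits) written as a shell check, together with the second option from the quoted message, a per-service copy of the key with mode 0600. The function names and the destination path in the comments are assumptions, and `stat -c` assumes GNU coreutils as found on CentOS.

```shell
#!/bin/sh
# Added example; key_mode_ok and install_private_key are hypothetical names.

# Return 0 when the file has no group or world permission bits, which is
# what "u=rw (0600) or less" in the error message requires.
key_mode_ok() {
    km_mode=$(stat -c '%a' "$1") || return 2    # octal mode, e.g. "440"
    # The leading 0 makes the shell read the value as octal; 077 masks
    # the group and other bits.
    [ $(( 0$km_mode & 077 )) -eq 0 ]
}

# Copy a shared key to a per-service path with mode 0600, then verify it.
# The subshell umask keeps the copy private from the moment it is created.
install_private_key() {
    ipk_src=$1
    ipk_dst=$2
    ( umask 077 && install -m 0600 "$ipk_src" "$ipk_dst" ) || return 1
    key_mode_ok "$ipk_dst"
}

# Usage, run as root (destination path is an assumption):
#   key_mode_ok /etc/ssl/pgmaster01-key.pem || echo "group or world access"
#   install_private_key /etc/ssl/pgmaster01-key.pem /path/to/postgres-only-key.pem
#   chown postgres /path/to/postgres-only-key.pem
```

The copy has to be refreshed whenever the shared key is replaced, otherwise the server keeps presenting the old key.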