Quick Links

Re: SSL Mode

From:	Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To:	Rob Abernethy IV <abernethy(at)dynedge(dot)com>
Cc:	postgresql <pgsql-admin(at)postgresql(dot)org>
Subject:	Re: SSL Mode
Date:	2002-12-23 17:56:46
Message-ID:	200212231756.gBNHuku25815@candle.pha.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

I think the file has to have _restricted_ permissions to be accepted.

The check is:

if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
buf.st_uid != getuid())
{
postmaster_error("bad permissions on private key file (%s)", fnbuf);
ExitPostmaster(1);

so my guess is that you have to remove group/other permissions on the
file.

---------------------------------------------------------------------------

Rob Abernethy IV wrote:
> I cannot get the postmaster to start up in SSL mode. I receive the following
> error:
>
> bad permissions on private key file (/var/lib/pgsql/data/server.key)
>
> I've checked the permissions and everything seems to be fine.
>
> ls -al
> total 56
> drwx------ 6 postgres postgres 4096 Dec 18 17:17 .
> drwxr--r-- 4 postgres postgres 4096 Dec 18 17:17 ..
> drwx------ 4 postgres postgres 4096 Dec 18 16:23 base
> drwx------ 2 postgres postgres 4096 Dec 18 17:17 global
> drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_clog
> -rw------- 1 postgres postgres 2404 Dec 18 16:41 pg_hba.conf
> -rw------- 1 postgres postgres 1441 Dec 18 16:23 pg_ident.conf
> -rw------- 1 postgres postgres 4 Dec 18 16:23 PG_VERSION
> drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_xlog
> -rw------- 1 postgres postgres 5224 Dec 18 17:17 postgresql.conf
> -rw------- 1 postgres postgres 20 Dec 18 17:16 postmaster.opts
> -rw-r--r-- 1 postgres postgres 3223 Dec 18 17:10 server.crt
> -rw-r--r-- 1 postgres postgres 887 Dec 18 17:10 server.key
>
> I'm using postgresql-7.3-2PGDG.
>
> Is this the correct list for this type of question? Thanks.
>
> --
> Robert Abernethy IV
> Dynamic Edge, Inc.
> 734.975.0460
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

SSL Mode at 2002-12-23 04:26:39 from Rob Abernethy IV

Responses

Re: SSL Mode at 2002-12-23 05:12:36 from Rob Abernethy IV

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Andreas Schmitz	2002-12-23 18:04:09	Re: locking a table
Previous Message	Andreas Schmitz	2002-12-23 17:56:45	Re: add space to expand database ?