From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | John Cartwright <John(dot)C(dot)Cartwright(at)noaa(dot)gov> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: php pg_connect fails, pgsql works |
Date: | 2008-03-10 20:51:53 |
Message-ID: | 22683.1205182313@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
John Cartwright <John(dot)C(dot)Cartwright(at)noaa(dot)gov> writes:
> I'm using php 5.1.6 on a RHEL 5 system connecting to a postgresql server
> version 8.2.3. I think that TCP connections are enabled correctly in
> the server's pg_hba.conf and I can successfully connect from the client
> using pgsql. However, trying to use pg_connect() w/ a call like:
> $con = pg_connect("host='postgres1.ngdc.noaa.gov' port=5432
> sslmode='allow' user='test' password='mypassword' dbname='test'")
> fails saying:
> Unable to connect to PostgreSQL server: could not connect to server:
> Permission denied
Are you running the php script manually, or is it actually executing
inside a daemon such as Apache? If the latter, I'll bet this is a
SELinux issue --- SELinux is set up to constrain daemons a lot more
tightly than interactive commands, so that they can't easily be used to
break into your system.
I don't know much about how to fix it, other than the extremely
brute-force tool of "setenforce 0". On current Fedora it looks like the
way is probably "setsebool -P allow_user_postgresql_connect 1", but I'm
not sure if RHEL5 uses that approach or something older.
It's also possible that the policy is OK but you have some files
with the wrong security labeling.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2008-03-10 20:57:25 | Re: Reindexdb + relation error |
Previous Message | John Cartwright | 2008-03-10 20:14:03 | php pg_connect fails, pgsql works |