Re: archive command Permission Denied?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jason Long <mailing(dot)list(at)supernovasoftware(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: archive command Permission Denied?
Date: 2008-11-07 22:20:37
Message-ID: 24888.1226096437@sss.pgh.pa.us
Lists: pgsql-general

I wrote:
> That's just bizarre. The permissions on the script itself seem to be
> fine, so the only theory that comes to mind is the server doesn't have
> search (x) permission on one of the containing directory levels ...

Oh, wait, I bet I've got it: you're using a SELinux-enabled system and
SELinux doesn't believe that it's a good idea to let the Postgres server
execute something out of its data directory. That would explain why the
other methods of executing the script work --- typical SELinux policy is
a lot stricter on network-exposed daemon processes than other stuff.

If that is what's happening, you'll find "avc denied" messages in the
system log that correlate to the archive failures.

The solution I'd recommend is putting the script someplace that's more
usual to store scripts. You might be able to do something with changing
the "security context" on the script file instead, but I'm not sure
exactly what to change it to.

regards, tom lane
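The check described above, matching "avc denied" messages to the archive failures, as an added example that is not part of the original message. All log lines are constructed; the `postgresql_t` source domain, a `log_line_prefix` of `'%t '` in UTC, and the 5-second matching window are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not from the thread). AVC lines follow the audit
# log layout; the PostgreSQL lines assume log_line_prefix = '%t ' in UTC.
AUDIT_LOG = """\
type=AVC msg=audit(1226095200.412:881): avc:  denied  { execute } for  pid=4121 comm="sh" name="archive.sh" dev=sda3 ino=98211 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=file
type=AVC msg=audit(1226095260.907:885): avc:  denied  { read } for  pid=3990 comm="httpd" name="notes.txt" dev=sda3 ino=77120 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1226095500.020:902): avc:  denied  { execute } for  pid=4188 comm="sh" name="archive.sh" dev=sda3 ino=98211 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=file
"""
PG_LOG = """\
2008-11-07 22:00:00 UTC LOG:  archive command failed with exit code 126
2008-11-07 22:05:00 UTC LOG:  archive command failed with exit code 126
2008-11-07 22:30:00 UTC LOG:  archive command failed with exit code 126
"""

AVC_RE = re.compile(
    r'msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]*) \}'
    r'.*?name="(?P<name>[^"]*)".*?scontext=(?P<scontext>\S+)'
    r'\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')
PG_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC LOG:\s+archive command failed')

def parse_avc(text, domain="postgresql_t"):
    """Return AVC denials whose source context type equals `domain` (assumed name)."""
    out = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        # scontext is user:role:type:level; the type field is the process domain
        if m and m["scontext"].split(":")[2] == domain:
            out.append({**m.groupdict(), "ts": float(m["ts"])})
    return out

def parse_failures(text):
    """Return epoch timestamps of 'archive command failed' log entries."""
    out = []
    for line in text.splitlines():
        m = PG_RE.match(line)
        if m:
            dt = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            out.append(dt.replace(tzinfo=timezone.utc).timestamp())
    return out

def correlate(audit_text, pg_text, window=5.0):
    """Map each archive failure time to the server-domain denials within `window` seconds."""
    denials = parse_avc(audit_text)
    return {t: [d for d in denials if abs(d["ts"] - t) <= window]
            for t in parse_failures(pg_text)}

if __name__ == "__main__":
    for t, hits in sorted(correlate(AUDIT_LOG, PG_LOG).items()):
        print(t, [(d["perms"], d["name"], d["tcontext"]) for d in hits] or "no AVC denial nearby")
```

A failure with no nearby denial, like the third constructed entry, points to a cause other than SELinux.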
