Re: archive command Permission Denied?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jason Long <mailing(dot)list(at)supernovasoftware(dot)com>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: archive command Permission Denied?
Date: 2008-11-08 02:59:06
Message-ID: 29958.1226113146@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Jason Long <mailing(dot)list(at)supernovasoftware(dot)com> writes:
> I got this error
> /usr/sbin/sendmail: Permission denied
> So I guess I need to allow the use of sendmail.

> How is postgres running the command different from my doing it as the
> postgres user or cron running as the postgres user?

SELinux treats it differently: programs that are run as
network-accessible daemons get locked down to do only what the SELinux
policy says they should be able to do.

This is not unreasonable --- if someone managed to crack into your
Apache server, for instance, you'd be really glad that they weren't able
to use the breach to spam the world from your machine.

However, if you want your Postgres server able to do things not listed
in the SELinux policy for it, you'll need to adjust that policy. Or
disable SELinux ... but I don't really recommend doing that if your
machine is at all exposed to the internet.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Brent Wood 2008-11-08 03:20:53 Re: Specifying text to substitute for NULLs in selects
Previous Message Nikolas Everett 2008-11-08 01:49:47 Re: options for launching sql script asynchronously from web app