Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Bryn Llewellyn <bryn(at)yugabyte(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org>
Cc: "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
Subject: Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
Date: 2022-11-01 06:48:52
Message-ID: 41ba7401df2baa95daed163f946976669a19913c.camel@cybertec.at
Lists: pgsql-general

On Mon, 2022-10-31 at 22:03 -0700, Bryn Llewellyn wrote:
> I followed Peter's recommendation NOT to put my "clstr_mgr" O/S user in the "postgres"
> group—having earlier had it there. But doing so brought this content-free error message
> on an attempt to authorize using the intended method:
>
> Error: Invalid data directory for cluster 11 main

That's a message from the *server*, which always runs under the same OS user.

> A bit of Googling got me to this on the pgsql-general list (from the Peter, in fact):
>
> https://www.postgresql.org/message-id/20190909171519.GA7858%40hjp.at
>
> on that very topic.
>
> It seems that the error message is simply misleading and that it should read "Cannot read
> the config_file, hba_file, or ident_file" — as they are named in this query's output:
>
> select name, setting
> from pg_settings
> where category = 'File Locations';
>
> Sure enough, neither my hba_file nor my ident_file were readable by "all" (but they were
> readable by "group"). However, the config_file was readable by "all". I've no idea what
> the history of those permissions is. Maybe I changed something along the way. I s'pose
> that I'd better regard my present installation as a dress rehearsal and simply redo it
> starting by restoring my "bare" Linux VM from file backup.
>
> Anyway, just to prove the point, I chmod'd my hba_file and my ident_file to make them
> readable by all. And the silly error message went away.
>
> However, that feels wrong to me. It would seem proper to put any user who you want to
> set up for "local", "peer" authentication into the "postgres" group.
>
> What do you (all) think?

I think that you are doing something very weird, but I have no idea what it is.
Please tell us the exact commands you ran.

The client user should *never* read the PostgreSQL configuration files, so if changing
the permissions (which you should *never* do) has an effect, you must be doing something
very strange, like trying to start the database server with the wrong user.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
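
A check for the permission state discussed in this message, as an added example that is not part of the original post or of PostgreSQL: it takes the paths that the quoted pg_settings query reports and lists which of the three files are readable or writable beyond their owner. The function names and the sample file modes (0644 and 0640) are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# The three settings named in the thread (category 'File Locations' in pg_settings).
CONFIG_SETTINGS = ("config_file", "hba_file", "ident_file")


def audit_file(path):
    """Return findings for one configuration file, based on its mode bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("readable by all")
    if mode & stat.S_IWOTH:
        findings.append("writable by all")
    if mode & stat.S_IWGRP:
        findings.append("writable by group")
    return findings


def audit_locations(locations):
    """locations maps setting name -> path, as the pg_settings query reports them."""
    return {name: audit_file(locations[name])
            for name in CONFIG_SETTINGS if name in locations}


def make_sample(directory):
    """Constructed sample: empty files with modes matching the thread's description
    (config_file readable by all; hba_file and ident_file readable by group only)."""
    modes = {"config_file": 0o644, "hba_file": 0o640, "ident_file": 0o640}
    locations = {}
    for name, mode in modes.items():
        path = os.path.join(directory, name + ".conf")
        open(path, "w").close()
        os.chmod(path, mode)
        locations[name] = path
    return locations


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = make_sample(d)
        for name, findings in audit_locations(sample).items():
            print(name, sample[name], findings or "no access beyond owner/group read")
```

Run against the real paths, a "readable by all" finding on hba_file or ident_file shows that the chmod described in the quoted text is still in place.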
