Re: SAST FATAL: could not access private key file "server.key"

On Tue, Jul 1, 2008 at 5:52 PM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
> If you don't need SSL, set 'ssl=off' in postgresql.conf.
> If you want SSL,
> 1) read the manual on SSL support
> http://www.postgresql.org/docs/8.3/static/ssl-tcp.html
> 2) Is there a file server.key? If yes, make it readable to the
> postgres user. If not, create it as documented.

Hi Albe, thanks very much for helping me here...

Here is the contents of my /var/lib/postgresql/8.2/main/ :

root(at)Admin:/var/lib/postgresql/8.2/main# ls -l
total 9
drwx------ 7 postgres postgres 168 2008-06-29 11:27 base
drwx------ 2 postgres postgres 768 2008-06-30 13:01 global
drwx------ 2 postgres postgres 72 2008-06-24 09:37 pg_clog
drwx------ 4 postgres postgres 96 2008-06-24 09:37 pg_multixact
drwx------ 2 postgres postgres 72 2008-06-24 09:37 pg_subtrans
drwx------ 2 postgres postgres 48 2008-06-24 09:37 pg_tblspc
drwx------ 2 postgres postgres 48 2008-06-24 09:37 pg_twophase
-rw------- 1 postgres postgres 4 2008-06-24 09:37 PG_VERSION
drwx------ 3 postgres postgres 120 2008-06-24 09:37 pg_xlog
-rw------- 1 postgres postgres 125 2008-06-30 08:59 postmaster.opts
lrwxrwxrwx 1 root root 31 2008-06-24 09:37 root.crt ->
/etc/postgresql-common/root.crt
lrwxrwxrwx 1 root root 36 2008-06-24 09:37 server.crt ->
/etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 2008-06-24 09:37 server.key ->
/etc/ssl/private/ssl-cert-snakeoil.key

'server.key' seems to be writable to all and sundry, although the file
it is linked to (ssl-cert-snakeoil.key) is not:

root(at)Admin:/etc/ssl/private# ls -l
total 4
-rw------- 1 root ssl-cert 887 2008-06-11 12:18 ssl-cert-snakeoil.key