Quick Links

pg_rewind: ERROR: could not fetch remote file "global/pg_control": ERROR: permission denied

From:	Zhaoxun Yan <yan(dot)zhaoxun(at)gmail(dot)com>
To:	Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject:	pg_rewind: ERROR: could not fetch remote file "global/pg_control": ERROR: permission denied
Date:	2023-09-26 02:39:26
Message-ID:	CADEX6_UgD3KFEfFwDr0DJauqGDtqja9ELLV_Ny8OWyVZBRL9RQ@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

I came across this error notice when trying to execute pg_rewind through
repmgr's old primary demotion to standby after recovery. (the old standby @
192.168.1.2 has already executed repmgr standby promote)

https://serverfault.com/questions/1144242

postgres version=15.4 repmgr version=5.4dev and the command to execute such
process and the following feedback are these:

repmgr node rejoin --force-rewind -d 'host=192.168.1.2 port=5432
user=rep dbname=repmgr connect_timeout=5'
NOTICE: rejoin target is node "yzx2" (ID: 2)
NOTICE: pg_rewind execution required for this node to attach to rejoin
target node 2
DETAIL: rejoin target server's timeline 2 forked off current database
system timeline 1 before current recovery point 0/81C6D80
NOTICE: executing pg_rewind
DETAIL: pg_rewind command is "/usr/pgsql-15/bin/pg_rewind -D '/pgdata'
--source-server='host=192.168.1.2 port=5432 user=rep dbname=repmgr
connect_timeout=5'"
ERROR: pg_rewind execution failed
DETAIL: pg_rewind: error: could not fetch remote file
"global/pg_control": ERROR: permission denied for function
pg_read_binary_file

Actually I have grant function pg_read_binary_file's execution right to the
user rep, and here are the setup for this role:

CREATE EXTENSION repmgr;
GRANT pg_checkpoint TO rep;
GRANT pg_read_all_stats TO rep;
GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint,
bigint, boolean

I re-grant the right again using GRANT EXECUTE ON function
pg_read_binary_file(text) TO rep;, and it made no difference. It is not
that the user rep does not have the right to execute the function, but that
the function has no right to fetch remote file "global/pg_control"? BTW, I
did not give ssh right to access postgres Linux account on another server
for security reasons.

Responses

Re: pg_rewind: ERROR: could not fetch remote file "global/pg_control": ERROR: permission denied at 2023-09-27 08:06:17 from Alvaro Herrera

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Rajesh Kumar	2023-09-26 14:04:29	Re: Handling idle connections
Previous Message	Jeff Janes	2023-09-25 17:24:20	Re: Handling idle connections