PostgreSQL won't start: “server.key” has group or world access
https://stackoverflow.com/questions/12087683
-
27-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
Whenerver I start PostgreSQL using command:
$ sudo /etc/init.d/postgresql start
Pg doesn't start up. The error reported is:
* Starting PostgreSQL 8.4 database server
* The PostgreSQL server failed to start. Please check the log output:
2010-01-21 22:10:00 PST FATAL: private key file "server.key" has group or world access
2010-01-21 22:10:00 PST DETAIL: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
... and when I try to access psql as the postgres user with:
$ sudo su postgres
$ psql
it gives me an error:
could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Solución
I had solved it using ..
1) Enter the relevant directory (use> locate server.key)
2) Back up old server.key link.
3) Copy ssl-cert-snakeoil.key to server.key
4-5) Change its owner & group to postgres
6) Ensure the permissions are 700 or 740 (as requested by error message)
Recipe for my Ubuntu 12.04 & postgresql-8.3:
sudo cd /var/lib/postgresql/8.3/main/
sudo mv server.key server.key-0
sudo cp /etc/ssl/private/ssl-cert-snakeoil.key server.key
sudo chown postgres server.key
sudo chgrp postgres server.key
sudo chmod 740 server.key
sudo /etc/init.d/postgres-8.3 start
And now its working ! Thanks for support.
Otros consejos
How about not to hard copying the Server Key and leaving it where and like it is.
Instead it is simplier to:
Change the "server.key" link Permissions in PostgreSQL Data Directory (its the Location where the Link to the private certificate.key File resides)
# cd /var/lib/postgresql/9.1/main/
to
# chown -R postgres:postgres server.key`
And make sure that the original Certificate in
# /etc/ssl/private/ssl-cert-snakeoil.key
has those Properties, by Setting them
# chmod 640 ssl-cert-snakeoil.key
# chown root:ssl-cert ssl-cert-snakeoil.key
This Solution has been tested on Debian. Please remember that CentOS can use the SELinux with extended User Rights Management, which can be viewed by
# ls -laZ *
As the error message says, fix the permissions for the key file server.key. The server runs as user "postgres" which should own the file. Try
#cd <path/to/pgsql/data>
#chown postgres server.key
#chmod 0640 server.key
It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
gpasswd -a postgres ssl-cert
Setthe permissions of /etc/ssl/private to root:ssl-cert. Comments on this issue made me try this solution.
NOTE: even tough the answer is accepted, it didn't solve my issue. To help someone else i wanted to answer here.
sudo chown postgres /var/lib/postgresql/8.4/main/server.key
sudo chmod 0640 /var/lib/postgresql/8.4/main/server.key
Hit tab after postgresql to confirm your version.
Follow this https://www.postgresql.org/docs/9.6/ssl-tcp.html
use "chmod og-rwx server.key" and change user to postgres user using chown command.
