| From: | "Rob Abernethy IV" <abernethy(at)dynedge(dot)com> |
|---|---|
| To: | "postgresql" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: SSL Mode |
| Date: | 2002-12-23 05:12:36 |
| Message-ID: | 20021223131236.M56277@dynedge.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
That did it. Thanks.
--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460
> I think the file has to have _restricted_ permissions to be accepted.
>
> The check is:
>
> if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
> buf.st_uid != getuid())
> {
> postmaster_error("bad permissions on private key file
> (%s)", fnbuf); ExitPostmaster(1);
>
> so my guess is that you have to remove group/other permissions on the
> file.
>
> ---------------------------------------------------------------------------
>
> Rob Abernethy IV wrote:
> > I cannot get the postmaster to start up in SSL mode. I receive the following
> > error:
> >
> > bad permissions on private key file (/var/lib/pgsql/data/server.key)
> >
> > I've checked the permissions and everything seems to be fine.
> >
> > ls -al
> > total 56
> > drwx------ 6 postgres postgres 4096 Dec 18 17:17 .
> > drwxr--r-- 4 postgres postgres 4096 Dec 18 17:17 ..
> > drwx------ 4 postgres postgres 4096 Dec 18 16:23 base
> > drwx------ 2 postgres postgres 4096 Dec 18 17:17 global
> > drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_clog
> > -rw------- 1 postgres postgres 2404 Dec 18 16:41 pg_hba.conf
> > -rw------- 1 postgres postgres 1441 Dec 18 16:23 pg_ident.conf
> > -rw------- 1 postgres postgres 4 Dec 18 16:23 PG_VERSION
> > drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_xlog
> > -rw------- 1 postgres postgres 5224 Dec 18 17:17 postgresql.conf
> > -rw------- 1 postgres postgres 20 Dec 18 17:16 postmaster.opts
> > -rw-r--r-- 1 postgres postgres 3223 Dec 18 17:10 server.crt
> > -rw-r--r-- 1 postgres postgres 887 Dec 18 17:10 server.key
> >
> > I'm using postgresql-7.3-2PGDG.
> >
> > Is this the correct list for this type of question? Thanks.
> >
> > --
> > Robert Abernethy IV
> > Dynamic Edge, Inc.
> > 734.975.0460
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 2: you can get off all lists at once with the unregister command
> > (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
> >
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square,
> Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-12-23 07:03:26 | Re: StreamServer Port : bind() failed : How to solve this |
| Previous Message | Justin Georgeson | 2002-12-23 04:35:23 | Re: StreamServer Port : bind() failed : How to solve this |