Re: SSL Mode - Mailing list pgsql-admin
| From | Rob Abernethy IV |
|---|---|
| Subject | Re: SSL Mode |
| Date | |
| Msg-id | 20021223131236.M56277@dynedge.com Whole thread Raw |
| In response to | Re: SSL Mode (Bruce Momjian <pgman@candle.pha.pa.us>) |
| List | pgsql-admin |
That did it. Thanks.
--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460
> I think the file has to have _restricted_ permissions to be accepted.
>
> The check is:
>
> if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
> buf.st_uid != getuid())
> {
> postmaster_error("bad permissions on private key file
> (%s)", fnbuf); ExitPostmaster(1);
>
> so my guess is that you have to remove group/other permissions on the
> file.
>
> ---------------------------------------------------------------------------
>
> Rob Abernethy IV wrote:
> > I cannot get the postmaster to start up in SSL mode. I receive the following
> > error:
> >
> > bad permissions on private key file (/var/lib/pgsql/data/server.key)
> >
> > I've checked the permissions and everything seems to be fine.
> >
> > ls -al
> > total 56
> > drwx------ 6 postgres postgres 4096 Dec 18 17:17 .
> > drwxr--r-- 4 postgres postgres 4096 Dec 18 17:17 ..
> > drwx------ 4 postgres postgres 4096 Dec 18 16:23 base
> > drwx------ 2 postgres postgres 4096 Dec 18 17:17 global
> > drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_clog
> > -rw------- 1 postgres postgres 2404 Dec 18 16:41 pg_hba.conf
> > -rw------- 1 postgres postgres 1441 Dec 18 16:23 pg_ident.conf
> > -rw------- 1 postgres postgres 4 Dec 18 16:23 PG_VERSION
> > drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_xlog
> > -rw------- 1 postgres postgres 5224 Dec 18 17:17 postgresql.conf
> > -rw------- 1 postgres postgres 20 Dec 18 17:16 postmaster.opts
> > -rw-r--r-- 1 postgres postgres 3223 Dec 18 17:10 server.crt
> > -rw-r--r-- 1 postgres postgres 887 Dec 18 17:10 server.key
> >
> > I'm using postgresql-7.3-2PGDG.
> >
> > Is this the correct list for this type of question? Thanks.
> >
> > --
> > Robert Abernethy IV
> > Dynamic Edge, Inc.
> > 734.975.0460
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 2: you can get off all lists at once with the unregister command
> > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> >
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman@candle.pha.pa.us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square,
> Pennsylvania 19073
pgsql-admin by date: