Thanks for your reply, Tom. Not sure exactly what you mean - this is a
php script executed via apache. php scripts w/in the same directory that
don't make database connections seem to work OK.
Your suggestion is a good one though - it may be an SELinux
configuration. I'll try to pursue that direction.
-- john
Tom Lane wrote:
> John Cartwright <John.C.Cartwright@noaa.gov> writes:
>
>> I'm using php 5.1.6 on a RHEL 5 system connecting to a postgresql server
>> version 8.2.3. I think that TCP connections are enabled correctly in
>> the server's pg_hba.conf and I can successfully connect from the client
>> using pgsql. However, trying to use pg_connect() w/ a call like:
>>
>
>
>> $con = pg_connect("host='postgres1.ngdc.noaa.gov' port=5432
>> sslmode='allow' user='test' password='mypassword' dbname='test'")
>>
>
>
>> fails saying:
>>
>
>
>> Unable to connect to PostgreSQL server: could not connect to server:
>> Permission denied
>>
>
> Are you running the php script manually, or is it actually executing
> inside a daemon such as Apache? If the latter, I'll bet this is a
> SELinux issue --- SELinux is set up to constrain daemons a lot more
> tightly than interactive commands, so that they can't easily be used to
> break into your system.
>
> I don't know much about how to fix it, other than the extremely
> brute-force tool of "setenforce 0". On current Fedora it looks like the
> way is probably "setsebool -P allow_user_postgresql_connect 1", but I'm
> not sure if RHEL5 uses that approach or something older.
>
> It's also possible that the policy is OK but you have some files
> with the wrong security labeling.
>
> regards, tom lane
>
