Thread: COPY - permission denied
I have used the COPY command dozens of times! I think I *get* it. But, I'm getting "permission denied" errors. This is a fresh install of Fedora Core 4 (x86). I have Postgresql running under the user postgres. I am logged into to psql as postgres. The files are owned by postgres and are -rw-------. They are being found - it isn't a "file not found" error. My usual routine is to create a directory at the same depth/same parent as the cluster directory called "migrate" and put all my text file of data to load, there. I chown them to be owned by postgres:postgres, and chmod 600 them, if necessary. (In this case I chmod'ed them 777 just grasping at straws). I have bounced the db, made sure the processes and files are owned by postgres. What else is there? COPY consult FROM '/var/lib/pgsql/migrate/consult.txt'; __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
On 9/23/05, John Seberg <johnseberg@yahoo.com> wrote:
Turn off or configure SELinux. The default policy prohibits
PostgreSQL from reading files from "weird" places, like
/tmp/ or similar.
Regards,
Dawid
I have used the COPY command dozens of times! I think
I *get* it. But, I'm getting "permission denied"
errors.
This is a fresh install of Fedora Core 4 (x86). I have
Postgresql running under the user postgres. I am
logged into to psql as postgres. The files are owned
by postgres and are -rw-------. They are being found -
it isn't a "file not found" error.
Turn off or configure SELinux. The default policy prohibits
PostgreSQL from reading files from "weird" places, like
/tmp/ or similar.
Regards,
Dawid
John Seberg <johnseberg@yahoo.com> writes: > I have bounced the db, made sure the processes and > files are owned by postgres. What else is there? > > COPY consult FROM > '/var/lib/pgsql/migrate/consult.txt'; This is probably a dumb question, but is 'migrate' owned and readable by 'postgres' as well? If that's not the problem, please post more info, including the error message you get in 'pqsl' and any relevant server log entries. -Doug
On Fri, Sep 23, 2005 at 07:03:44AM -0700, John Seberg wrote: > I have used the COPY command dozens of times! I think > I *get* it. But, I'm getting "permission denied" > errors. > > This is a fresh install of Fedora Core 4 (x86). I have > Postgresql running under the user postgres. I am > logged into to psql as postgres. The files are owned > by postgres and are -rw-------. They are being found - > it isn't a "file not found" error. Have you checked the permissions on the parent directory, the grandparent directory, etc.? -- Michael Fuhr
John Seberg <johnseberg@yahoo.com> writes: > I have used the COPY command dozens of times! I think > I *get* it. But, I'm getting "permission denied" > errors. > This is a fresh install of Fedora Core 4 (x86). I have > Postgresql running under the user postgres. I am > logged into to psql as postgres. The files are owned > by postgres and are -rw-------. They are being found - > it isn't a "file not found" error. Do you have SELinux running in enforcement mode? If so, it's likely denying the server the privilege to read or write anywhere outside /var/lib/pgsql. Check for messages about this in /var/log/messages. regards, tom lane
--- Tom Lane <tgl@sss.pgh.pa.us> wrote: > John Seberg <johnseberg@yahoo.com> writes: > > I have used the COPY command dozens of times! I > think > > I *get* it. But, I'm getting "permission denied" > > errors. > > > This is a fresh install of Fedora Core 4 (x86). I > have > > Postgresql running under the user postgres. I am > > logged into to psql as postgres. The files are > owned > > by postgres and are -rw-------. They are being > found - > > it isn't a "file not found" error. > > Do you have SELinux running in enforcement mode? If > so, it's likely > denying the server the privilege to read or write > anywhere outside > /var/lib/pgsql. Check for messages about this in > /var/log/messages. > I turned off SELinux, and that seemed to do it. Thanks, I would have never thought of that. The thing is - I had *tried* having the files in /var/lib/pgsql (also /var/lib/pgsql/migrate). Maybe they have to be in /var/lib/pgsql/data? I'm sure ownership/rights were correct. I'm going to rebuild this server for other reasons, anyway, so, I'll find out, then... Thanks again. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
On 9/23/05, John Seberg <johnseberg@yahoo.com> wrote:
No, no. It's not how SELinux policies work. They are
completely orthogonal to ownership/permissions.
There is a process called labelling, during which
each and every file is being marked with a label.
A label describes what kind of data such file is,
for instance "config file for Apache" or "database
file for PostgreSQL" (only the labels are symbolic,
not English text).
Then, each process runs in a context, say maybe
a PostgreSQL server context. The context defines
what can it do -- which ports can it bind to, which
files (which labels!) can it read and/or write etc.
If you simply moved files into /var/lib/pgsql/ it probably
wasn't enough -- files probably are already labelled
as your home directory files or so. You need to
relabel them so PostgreSQL could read them
(I don't remember the command to do so).
And please note that when you try using PL/perl you may
run into problems -- the policy definition may not contain
permissions to read perl modules. And so on, and so on.
SELinux is a fine piece of software, but it's a sturdy beast
to configure and I tend to think that the best approach is
to write policy from scratch tailored to specific needs...
Regards,
Dawid
--- Tom Lane <tgl@sss.pgh.pa.us> wrote:
> John Seberg <johnseberg@yahoo.com> writes:
> > I have used the COPY command dozens of times! I
> think
> > I *get* it. But, I'm getting "permission denied"
> > errors.
>
> > This is a fresh install of Fedora Core 4 (x86). I
> have
> > Postgresql running under the user postgres. I am
> > logged into to psql as postgres. The files are
> owned
> > by postgres and are -rw-------. They are being
> found -
> > it isn't a "file not found" error.
>
> Do you have SELinux running in enforcement mode? If
> so, it's likely
> denying the server the privilege to read or write
> anywhere outside
> /var/lib/pgsql. Check for messages about this in
> /var/log/messages.
>
I turned off SELinux, and that seemed to do it.
Thanks, I would have never thought of that.
The thing is - I had *tried* having the files in
/var/lib/pgsql (also /var/lib/pgsql/migrate). Maybe
they have to be in /var/lib/pgsql/data? I'm sure
ownership/rights were correct.
No, no. It's not how SELinux policies work. They are
completely orthogonal to ownership/permissions.
There is a process called labelling, during which
each and every file is being marked with a label.
A label describes what kind of data such file is,
for instance "config file for Apache" or "database
file for PostgreSQL" (only the labels are symbolic,
not English text).
Then, each process runs in a context, say maybe
a PostgreSQL server context. The context defines
what can it do -- which ports can it bind to, which
files (which labels!) can it read and/or write etc.
If you simply moved files into /var/lib/pgsql/ it probably
wasn't enough -- files probably are already labelled
as your home directory files or so. You need to
relabel them so PostgreSQL could read them
(I don't remember the command to do so).
And please note that when you try using PL/perl you may
run into problems -- the policy definition may not contain
permissions to read perl modules. And so on, and so on.
SELinux is a fine piece of software, but it's a sturdy beast
to configure and I tend to think that the best approach is
to write policy from scratch tailored to specific needs...
Regards,
Dawid