Thread: Trying to solve a SocketError [Errno 13] Permission with PL/Python in PostgreSQL 9.3

Regards to all the list.
First all the info about the system:

O.S: CentOS 7 64 bits
PostgreSQL version:

SELECT version();
version
--------------------------------------------------------------------------------------------------------------
  PostgreSQL 9.2.7 on x86_64-redhat-linux-gnu, compiled by gcc (GCC)
4.8.2 20140120 (Red Hat 4.8.2-16), 64-bit
(1 row)

Neo4j version: 2.1.M
Py2neo version: 2.0.8
Python version:
python
Python 2.7.5 (default, Jun 17 2014, 18:11:42)
[GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2

Now the problem:

We are working here to integrate PostgreSQL with Neo4j through PL/Python
using the py2neo module for it, and when we want to send sentences to
Neo4j using port 7474, the executed code raises a SocketError [Errno 13]
Permission denied.

I tested the same code in a normal python script outside of PostgreSQL,
and it works well, but the problem is when I use the code inside
PostgreSQL with PL/Python.
This is the code of a simple function to search a node in the Neo4j graph:

CREATE OR REPLACE FUNCTION search_professor_node(nombre_prof text)
   RETURNS text AS
$BODY$
from py2neo import Graph
from py2neo.cypher import CypherTransaction

graph = Graph("http://neo4j:neo4j@10.8.45.136:37474/db/data")
tx = graph.cypher.begin()
statement = "MATCH (pf:Professor) WHERE pf.nombre = {name} RETURN pf;"
tx.append(statement, parameters={'name': nombre_prof})
professor = tx.commit()
$BODY$
   LANGUAGE plpythonu VOLATILE
   COST 100;

and it can be used:
SELECT search_professor_node('Max');

The complete error is:

********** Error **********

ERROR: py2neo.packages.httpstream.http.SocketError: Permission denied
SQL state: XX000
Context: Traceback (most recent call last):
   PL/Python function "search_professor_node", line 6, in <module>
     tx = graph.cypher.begin()
   PL/Python function "search_professor_node", line 666, in cypher
   PL/Python function "search_professor_node", line 212, in metadata
   PL/Python function "search_professor_node", line 257, in get
   PL/Python function "search_professor_node", line 965, in get
   PL/Python function "search_professor_node", line 942, in __get_or_head
   PL/Python function "search_professor_node", line 432, in submit
   PL/Python function "search_professor_node", line 361, in submit
PL/Python function "search_professor_node"

Thanks a lot for your time, and I hope to find a suitable solution for it.


Marcos Ortiz <mlortiz@uci.cu> writes:
> O.S: CentOS 7 64 bits

> We are working here to integrate PostgreSQL with Neo4j through PL/Python
> using the py2neo module for it, and when we want to send sentences to
> Neo4j using port 7474, the executed code raises a SocketError [Errno 13]
> Permission denied.

> I tested the same code in a normal python script outside of PostgreSQL,
> and it works well, but the problem is when I use the code inside
> PostgreSQL with PL/Python.

Probably SELinux is set up to deny random connections originating from the
postgresql daemon.  If disabling SELinux makes the problem go away then
that's it.  (I do *not* recommend that as a permanent solution, of course.
You'll want to find some finer-grained change to the security policy.
Don't remember enough about SELinux to know what the most likely bet is.)

            regards, tom lane


On 05/23/2015 03:27 PM, Marcos Ortiz wrote:
> Regards to all the list.
> First all the info about the system:
>
> O.S: CentOS 7 64 bits
> PostgreSQL version:
>
> SELECT version();
> version
> --------------------------------------------------------------------------------------------------------------
>
>   PostgreSQL 9.2.7 on x86_64-redhat-linux-gnu, compiled by gcc (GCC)
> 4.8.2 20140120 (Red Hat 4.8.2-16), 64-bit
> (1 row)
>
> Neo4j version: 2.1.M
> Py2neo version: 2.0.8
> Python version:
> python
> Python 2.7.5 (default, Jun 17 2014, 18:11:42)
> [GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2
>
> Now the problem:
>
> We are working here to integrate PostgreSQL with Neo4j through PL/Python
> using the py2neo module for it, and when we want to send sentences to
> Neo4j using port 7474, the executed code raises a SocketError [Errno 13]
> Permission denied.

Well first in the code below, if I am following correctly, the socket is
37474.


>
> I tested the same code in a normal python script outside of PostgreSQL,
> and it works well, but the problem is when I use the code inside
> PostgreSQL with PL/Python.

Second the plpythonu code is running as the postgres user, so does that
user have permissions on the socket.

> This is the code of a simple function to search a node in the Neo4j graph:
>
> CREATE OR REPLACE FUNCTION search_professor_node(nombre_prof text)
>    RETURNS text AS
> $BODY$
> from py2neo import Graph
> from py2neo.cypher import CypherTransaction
>
> graph = Graph("http://neo4j:neo4j@10.8.45.136:37474/db/data")
> tx = graph.cypher.begin()
> statement = "MATCH (pf:Professor) WHERE pf.nombre = {name} RETURN pf;" ,
> tx.append(statement, parameters={'name': nombre_prof})
> professor= tx.commit()
> $BODY$
>    LANGUAGE plpythonu VOLATILE
>    COST 100;
>
> and it can be used:
> SELECT search_professor_node('Max');
>
> The completed error is:
>
> ********** Error **********
>
> ERROR: py2neo.packages.httpstream.http.SocketError: Permission denied
> SQL state: XX000
> Context: Traceback (most recent call last):
>    PL/Python function "search_professor_node", line 6, in <module>
>      tx = graph.cypher.begin()
>    PL/Python function "search_professor_node", line 666, in cypher
>    PL/Python function "search_professor_node", line 212, in metadata
>    PL/Python function "search_professor_node", line 257, in get
>    PL/Python function "search_professor_node", line 965, in get
>    PL/Python function "search_professor_node", line 942, in __get_or_head
>    PL/Python function "search_professor_node", line 432, in submit
>    PL/Python function "search_professor_node", line 361, in submit
> PL/Python function "search_professor_node"
>
> Thanks a lot for your time, and I hope to find a suitable solution for it.
>
>


--
Adrian Klaver
adrian.klaver@aklaver.com




On 23/05/15 18:38, Tom Lane wrote:
> Marcos Ortiz <mlortiz@uci.cu> writes:
>> O.S: CentOS 7 64 bits
>
>> We are working here to integrate PostgreSQL with Neo4j through PL/Python
>> using the py2neo module for it, and when we want to send sentences to
>> Neo4j using port 7474, the executed code raises a SocketError [Errno 13]
>> Permission denied.
>
>> I tested the same code in a normal python script outside of PostgreSQL,
>> and it works well, but the problem is when I use the code inside
>> PostgreSQL with PL/Python.
>
> Probably SELinux is set up to deny random connections originating from the
> postgresql daemon.  If disabling SELinux makes the problem go away then
> that's it.  (I do *not* recommend that as a permanent solution, of course.
> You'll want to find some finer-grained change to the security policy.
> Don't remember enough about SELinux to know what the most likely bet is.)
>
>             regards, tom lane

I agree with you, Tom.
I will find the SELinux policy to allow this, because I don't want to disable SELinux in the system.
Searching in the system with getsebool -a | grep postgresql, this was the result:

postgresql_can_rsync --> off
postgresql_selinux_transmit_client_label --> off
postgresql_selinux_unconfined_dbadm --> on
postgresql_selinux_users_ddl --> on
selinuxuser_postgresql_connect_enabled --> off



--
Marcos Ortiz, Sr. Product Manager (Data Infrastructure) at UCI
@marcosluis2186




On 23/05/15 18:40, Adrian Klaver wrote:
> Well first in the code below, if I am following correctly, the socket is 37474.

Yes, Adrian. Sorry for that, the correct port is 7474. I just was testing with higher ports to
see if the error persisted.

>> I tested the same code in a normal python script outside of PostgreSQL,
>> and it works well, but the problem is when I use the code inside
>> PostgreSQL with PL/Python.
>
> Second the plpythonu code is running as the postgres user, so does that user have permissions on the socket.

Did you mean the socket created by Neo4j's server right?
For that reason, I created a group in the system for this named supervisor, where neo4j/postgres users are members.
So, if I find the socket file for Neo4j-server, changing permissions could solve the problem. Right?
Neo4j is a Java-based platform.






--
Marcos Ortiz, Sr. Product Manager (Data Infrastructure) at UCI
@marcosluis2186


On 05/23/2015 03:51 PM, Marcos Ortiz wrote:
>
>
> On 23/05/15 18:40, Adrian Klaver wrote:
>> On 05/23/2015 03:27 PM, Marcos Ortiz wrote:
>>
>> Well first in the code below, if I am following correctly, the socket
>> is 37474.
> Yes, Adrian. Sorry for that, the correct port is 7474. I just was
> testing with higher ports to
> see if the error persisted.
>>
>>
>>>
>>> I tested the same code in a normal python script outside of PostgreSQL,
>>> and it works well, but the problem is when I use the code inside
>>> PostgreSQL with PL/Python.
>>
>> Second the plpythonu code is running as the postgres user, so does
>> that user have permissions on the socket.
> Did you mean the socket created by Neo4j's server right?
> For that reason, I created a group in the system for this named
> supervisor, where neo4j/postgres users are members.
> So, if I find the socket file for Neo4j-server, changing permissions
> could solve the problem. Right?

Not sure, but a quick search found that py2neo uses the neo4j REST API
and that API has authorization parameters:

http://neo4j.com/docs/stable/security-server.html

Have you gone through the above?




--
Adrian Klaver
adrian.klaver@aklaver.com




On 23/05/15 19:09, Adrian Klaver wrote:
> Not sure, but a quick search found that py2neo uses the neo4j REST API and that API has authorization parameters:
>
> http://neo4j.com/docs/stable/security-server.html
>
> Have you gone through the above?

Yes, Adrian. py2neo installs a tool called neoauth, which can be used to create users with their respective passwords.
For that reason, I use this way to create the graph:

graph = Graph("http://neo4j:neo4j@10.8.45.136:7474/db/data")
using the user neo4j and its pass neo4j








--
Marcos Ortiz, Sr. Product Manager (Data Infrastructure) at UCI
@marcosluis2186


On 05/23/2015 04:16 PM, Marcos Ortiz wrote:
>
>
> On 23/05/15 19:09, Adrian Klaver wrote:
>> On 05/23/2015 03:51 PM, Marcos Ortiz wrote:
>>>
>>>
>>> On 23/05/15 18:40, Adrian Klaver wrote:
>>>> On 05/23/2015 03:27 PM, Marcos Ortiz wrote:
>>>>
>>>> Well first in the code below, if I am following correctly, the socket
>>>> is 37474.
>>> Yes, Adrian. Sorry for that, the correct port is 7474. I just was
>>> testing with higher ports to
>>> see if the error persisted.
>>>>
>>>>
>>>>>
>>>>> I tested the same code in a normal python script outside of
>>>>> PostgreSQL,
>>>>> and it works well, but the problem is when I use the code inside
>>>>> PostgreSQL with PL/Python.
>>>>
>>>> Second the plpythonu code is running as the postgres user, so does
>>>> that user have permissions on the socket.
>>> Did you mean the socket created by Neo4j's server right?
>>> For that reason, I created a group in the system for this named
>>> supervisor, where neo4j/postgres users are members.
>>> So, if I find the socket file for Neo4j-server, changing permissions
>>> could solve the problem. Right?
>>
>> Not sure, but a quick search found that py2neo uses the neo4j REST API
>> and that API has authorization parameters:
>>
>> http://neo4j.com/docs/stable/security-server.html
>>
>> Have you gone through the above?
> Yes, Adrian. py2neo installs a tool called neoauth, which can be used to
> create users with their respective passwords.
> For that reason, I use this way to create the graph:
>
> graph = Graph("http://neo4j:neo4j@10.8.45.136:7474/db/data")
> using the user neo4j and its pass neo4j

 From a quick look at the neo4j security docs, it seems the server by
default only accepts connections from localhost. So where is the neo4j
server in relation to the Postgres server and the stand alone Python
script that runs?


--
Adrian Klaver
adrian.klaver@aklaver.com


On 05/23/2015 04:16 PM, Marcos Ortiz wrote:
>
>
> On 23/05/15 19:09, Adrian Klaver wrote:
>> On 05/23/2015 03:51 PM, Marcos Ortiz wrote:
>>>
>>>
>>> On 23/05/15 18:40, Adrian Klaver wrote:
>>>> On 05/23/2015 03:27 PM, Marcos Ortiz wrote:
>>>>
>>>> Well first in the code below, if I am following correctly, the socket
>>>> is 37474.
>>> Yes, Adrian. Sorry for that, the correct port is 7474. I just was
>>> testing with higher ports to
>>> see if the error persisted.
>>>>
>>>>
>>>>>
>>>>> I tested the same code in a normal python script outside of
>>>>> PostgreSQL,
>>>>> and it works well, but the problem is when I use the code inside
>>>>> PostgreSQL with PL/Python.
>>>>
>>>> Second the plpythonu code is running as the postgres user, so does
>>>> that user have permissions on the socket.
>>> Did you mean the socket created by Neo4j's server right?
>>> For that reason, I created a group in the system for this named
>>> supervisor, where neo4j/postgres users are members.
>>> So, if I find the socket file for Neo4j-server, changing permissions
>>> could solve the problem. Right?
>>
>> Not sure, but a quick search found that py2neo uses the neo4j REST API
>> and that API has authorization parameters:
>>
>> http://neo4j.com/docs/stable/security-server.html
>>
>> Have you gone through the above?
> Yes, Adrian. py2neo installs a tool called neoauth, which can be used to
> create users with their respective passwords.
> For that reason, I use this way to create the graph:
>
> graph = Graph("http://neo4j:neo4j@10.8.45.136:7474/db/data")
> using the user neo4j and its pass neo4j
>

Not sure if it applies but see here:

http://neo4j.com/docs/stable/rest-api-security.html
"When Neo4j is first installed you can authenticate with the default
user neo4j and the default password neo4j. However, the default password
must be changed (see the section called “User status and password
changing”) before access to resources will be permitted. ..."


--
Adrian Klaver
adrian.klaver@aklaver.com


Sorry for the late response.

On 23/05/15 19:38, Adrian Klaver wrote:
> Not sure if it applies but see here:
>
> http://neo4j.com/docs/stable/rest-api-security.html
> "When Neo4j is first installed you can authenticate with the default user neo4j and the default password neo4j. However, the default password must be changed (see the section called “User status and password changing”) before access to resources will be permitted. ..."

Yes, I changed the password.
It seems that the problem was with SELinux.
I disabled it for a moment to make a simple test and everything worked.
But, like Tom said, I don't want SELinux disabled in my systems, so I will find out the
security label that is blocking this in CentOS, and enable it again.
When I find it, I will send the solution to the list.
Best wishes and thanks again for your time.



--
Marcos Ortiz, Sr. Product Manager (Data Infrastructure) at UCI
@marcosluis2186


On 05/24/2015 04:15 PM, Marcos Ortiz wrote:
> Sorry for the late response.
>

>>
>> Not sure if it applies but see here:
>>
>> http://neo4j.com/docs/stable/rest-api-security.html
>> "When Neo4j is first installed you can authenticate with the default
>> user neo4j and the default password neo4j. However, the default
>> password must be changed (see the section called “User status and
>> password changing”) before access to resources will be permitted. ..."
> Yes, I changed the password.
> It seems that the problem was with SELinux.
> I disabled it for a moment to make a simple test and everything worked.
> But, like Tom said, I don't want SELinux disabled in my systems, so I
> will find out the
> security label that is blocking this in CentOS, and enable it again.
> When I find it, I will send the solution to the list.

Glad you found the cause and thanks for following up. Nice to be able to
close the loop on a problem.

> Best wishes and thanks again for your time.
>>
>>
>
> --
> Marcos Ortiz <http://about.me/marcosortiz>, Sr. Product Manager (Data
> Infrastructure) at UCI
> @marcosluis2186 <http://twitter.com/marcosluis2186>
>
>


--
Adrian Klaver
adrian.klaver@aklaver.com


Regards, Adrian, Tom and all pgsql-general list.
Like Tom said, the problem was with SELinux and I found the policy which caused all problems:
grep denied audit.log | audit2allow


#============= postgresql_t ==============

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow postgresql_t ephemeral_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow postgresql_t unreserved_port_t:tcp_socket name_connect;

I checked that boolean with:

# getsebool -a | grep nis_enabled
nis_enabled --> off

Then, I changed it to on, and everything works well with SELinux enabled by default.
Thanks again for the time and patience.







--
Marcos Ortiz, Sr. Product Manager (Data Infrastructure) at UCI
@marcosluis2186
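
An added example (not from the thread, and not audit2allow's own code): the Python below parses AVC denial records the way the `grep denied audit.log | audit2allow` step in the last message summarises them, and renders a local policy module limited to the `postgresql_t` `name_connect` rules, as a narrower alternative to switching on a system-wide boolean. The log lines, the module name `pg_neo4j_connect` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log records (not taken from the thread). The first two are
# shaped to yield the two rules in the audit2allow output above, one denial per
# port tried (37474 and 7474); the port-to-type labels are assumed.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1432420001.101:511): avc:  denied  { name_connect } for  pid=2101 comm="postgres" dest=37474 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1432420055.207:519): avc:  denied  { name_connect } for  pid=2101 comm="postgres" dest=7474 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1432420090.333:524): avc:  denied  { read } for  pid=3300 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1432420090.333:524): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        # An SELinux context is user:role:type:level; the type is the third part.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # malformed record: skip rather than guess
    dest = fields.get("dest", "")
    return {
        "source": source,
        "target": target,
        "tclass": tclass,
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "dest": int(dest) if dest.isdigit() else None,
    }


def denials_for(log_text, source_type):
    """Group one domain's denials: (target type, class, perm) -> set of dest ports."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["source"] != source_type:
            continue  # ignore other record types and other domains
        for perm in rec["perms"]:
            ports = grouped[(rec["target"], rec["tclass"], perm)]
            if rec["dest"] is not None:
                ports.add(rec["dest"])
    return dict(grouped)


def te_module(name, source_type, grouped):
    """Render type-enforcement source granting only the accesses that were denied."""
    types = sorted({source_type} | {target for target, _, _ in grouped})
    classes = defaultdict(set)
    for _, tclass, perm in grouped:
        classes[tclass].add(perm)
    out = ["module %s 1.0;" % name, "", "require {"]
    out += ["    type %s;" % t for t in types]
    for tclass in sorted(classes):
        perms = sorted(classes[tclass])
        spec = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
        out.append("    class %s %s;" % (tclass, spec))
    out += ["}", ""]
    for (target, tclass, perm), ports in sorted(grouped.items()):
        if ports:
            seen = ", ".join(str(p) for p in sorted(ports))
            out.append("# observed dest port(s): %s" % seen)
        out.append("allow %s %s:%s %s;" % (source_type, target, tclass, perm))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = denials_for(SAMPLE_AUDIT_LOG, "postgresql_t")
    print(te_module("pg_neo4j_connect", "postgresql_t", found))
```

The rendered text is a `.te` source file that `checkmodule`, `semodule_package` and `semodule -i` compile and load. Each rule is keyed on the port's type, not its number, so it still permits `postgresql_t` to connect to any other port carrying the same label.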