problem connecting to postgres via apache
I'm having a problem connecting to postgres via a CGI program. I can
connect just fine using the same connect string in a non-cgi perl program
as in the perl cgi program. The error I get is this:
ERROR: Unable to connect to dbname testdb2, err: could not connect to
server: Permission denied
Is the server running on host "jacensolo.red.dsic.com" (192.168.10.16) and
accepting
TCP/IP connections on port 5432?
I tried adding postgres to the apache user's groups, because I saw
something on google that said that that is needed for the socket connection
to work, but it didn't help.
I just tried stopping and restarting apache, and when I try to start I get
this:
apachectl start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
I took away the group permission for postgres, just in case that had messed
up something, but it didn't help. Now I can't even start apache.
But, if I do:
[scassidy@jacensolo init.d]$ ps auxww|grep http
apache 15426 0.0 0.0 186416 2740 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15427 0.0 0.0 186416 2720 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15428 0.0 0.0 186416 3004 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15429 0.0 0.0 186416 2740 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15430 0.0 0.0 186416 2724 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15431 0.0 0.0 186416 2740 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15432 0.0 0.0 186416 2988 ? S Jan19 0:00
/usr/sbin/httpd -k start
apache 15433 0.0 0.0 186416 2988 ? S Jan19 0:00
/usr/sbin/httpd -k start
root 18778 0.0 0.0 184208 2408 ? Ss 2013 2:25
/usr/sbin/httpd -k start
I'm seeing processes that apparently shouldn't be there. Maybe that's why
it can't connect, because it is already connected?
Should I just kill those processes, do you think?
What could have happened? It was working just fine before.
Very mysterious.
Susan
On 01/23/2014 02:55 PM, Susan Cassidy wrote:
I'm having a problem connecting to postgres via a CGI program. I can
connect just fine using the same connect string in a non-cgi perl
program as in the perl cgi program. The error I get is this:ERROR: Unable to connect to dbname testdb2, err: could not
connect to server: Permission denied
Is the server running on host "jacensolo.red.dsic.com
<http://jacensolo.red.dsic.com>" (192.168.10.16) and accepting
TCP/IP connections on port 5432?
FYI, in the future you might want to anonymize your host information.
For example xxx.yyy.zzz.com
Well from the above it looks like you where trying to connect using
TCP/IP not a socket.
What is your connection string?
I tried adding postgres to the apache user's groups, because I saw
something on google that said that that is needed for the socket
connection to work, but it didn't help.I just tried stopping and restarting apache, and when I try to start I
get this:apachectl start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
<http://0.0.0.0:80>
no listening sockets available, shutting down
Unable to open logsI took away the group permission for postgres, just in case that had
messed up something, but it didn't help. Now I can't even start apache.
To me it looks like it is already running.
Susan
--
Adrian Klaver
adrian.klaver@gmail.com
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
On Fri, Jan 24, 2014 at 7:08 AM, Adrian Klaver <adrian.klaver@gmail.com>wrote:
On 01/23/2014 02:55 PM, Susan Cassidy wrote:
I'm having a problem connecting to postgres via a CGI program. I can
connect just fine using the same connect string in a non-cgi perl
program as in the perl cgi program. The error I get is this:ERROR: Unable to connect to dbname testdb2, err: could not
connect to server: Permission denied
Is the server running on host "jacensolo.red.dsic.com
<http://jacensolo.red.dsic.com>" (192.168.10.16) and acceptingTCP/IP connections on port 5432?
FYI, in the future you might want to anonymize your host information. For
example xxx.yyy.zzz.comWell from the above it looks like you where trying to connect using TCP/IP
not a socket.What is your connection string?
In addition to what has been already asked, can you also check if your
firewall is running?
Best Regards,
*Sameer Kumar | Database Consultant*
*ASHNIK PTE. LTD. *101 Cecil Street, #11-11 Tong Eng Building, Singapore
069533
M : *+65 8110 0350* T: +65 6438 3504 | www.ashnik.com
www.facebook.com/ashnikbiz | www.twitter.com/ashnikbiz
[image: email patch]
This email may contain confidential, privileged or copyright material and
is solely for the use of the intended recipient(s).
Attachments:
image002.jpgimage/jpeg; name=image002.jpgDownload+1-0
$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err: $DBI::errstr");
The exact same connection string works fine in a standalone perl program.
Susan
On Thu, Jan 23, 2014 at 3:08 PM, Adrian Klaver <adrian.klaver@gmail.com>wrote:
Show quoted text
On 01/23/2014 02:55 PM, Susan Cassidy wrote:
I'm having a problem connecting to postgres via a CGI program. I can
connect just fine using the same connect string in a non-cgi perl
program as in the perl cgi program. The error I get is this:ERROR: Unable to connect to dbname testdb2, err: could not
connect to server: Permission denied
Is the server running on host "jacensolo.red.dsic.com
<http://jacensolo.red.dsic.com>" (192.168.10.16) and accepting
TCP/IP connections on port 5432?FYI, in the future you might want to anonymize your host information. For
example xxx.yyy.zzz.comWell from the above it looks like you where trying to connect using TCP/IP
not a socket.What is your connection string?
I tried adding postgres to the apache user's groups, because I saw
something on google that said that that is needed for the socket
connection to work, but it didn't help.I just tried stopping and restarting apache, and when I try to start I
get this:apachectl start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
<http://0.0.0.0:80>
no listening sockets available, shutting down
Unable to open logsI took away the group permission for postgres, just in case that had
messed up something, but it didn't help. Now I can't even start apache.To me it looks like it is already running.
Susan
--
Adrian Klaver
adrian.klaver@gmail.com
Susan Cassidy <susan.cassidy@decisionsciencescorp.com> writes:
$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err: $DBI::errstr");
The exact same connection string works fine in a standalone perl program.
Given the permissions errors you mentioned upthread, I'm wondering whether
you're running on Red Hat/CentOS, and if so whether SELinux is preventing
apache from connecting to unexpected port numbers. I seem to recall
that there's a SELinux boolean specifically intended to allow or disallow
database connections from webservers, but I couldn't tell you the name
offhand.
regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
I've already checked that. It is enabled. I am running Scientific Linux.
On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Show quoted text
Susan Cassidy <susan.cassidy@decisionsciencescorp.com> writes:
$dbh =
DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err: $DBI::errstr");The exact same connection string works fine in a standalone perl program.
Given the permissions errors you mentioned upthread, I'm wondering whether
you're running on Red Hat/CentOS, and if so whether SELinux is preventing
apache from connecting to unexpected port numbers. I seem to recall
that there's a SELinux boolean specifically intended to allow or disallow
database connections from webservers, but I couldn't tell you the name
offhand.regards, tom lane
On 01/24/2014 09:35 AM, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running Scientific Linux.
SELinux is enabled?
The database connection value is enabled to allow or disallow webserver
connections?
On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us
<mailto:tgl@sss.pgh.pa.us>> wrote:Susan Cassidy <susan.cassidy@decisionsciencescorp.com
<mailto:susan.cassidy@decisionsciencescorp.com>> writes:$dbh =
DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err: $DBI::errstr");The exact same connection string works fine in a standalone perl
program.
Given the permissions errors you mentioned upthread, I'm wondering
whether
you're running on Red Hat/CentOS, and if so whether SELinux is
preventing
apache from connecting to unexpected port numbers. I seem to recall
that there's a SELinux boolean specifically intended to allow or
disallow
database connections from webservers, but I couldn't tell you the name
offhand.regards, tom lane
--
Adrian Klaver
adrian.klaver@gmail.com
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Are you calling the perl from apache (assuming yes)..? Does the web
user have the rights to execute the perl code?
Try disabling SELinux..
You'll get it..
On Fri, 2014-01-24 at 09:35 -0800, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running Scientific
Linux.On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Susan Cassidy <susan.cassidy@decisionsciencescorp.com> writes:$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=
${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err:$DBI::errstr");
The exact same connection string works fine in a standalone
perl program.
Given the permissions errors you mentioned upthread, I'm
wondering whether
you're running on Red Hat/CentOS, and if so whether SELinux is
preventing
apache from connecting to unexpected port numbers. I seem to
recall
that there's a SELinux boolean specifically intended to allow
or disallow
database connections from webservers, but I couldn't tell you
the name
offhand.regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[scassidy@jacensolo ~]$ /usr/sbin/sestatus | grep SELinux
SELinux status: enabled
SELinuxfs mount: /selinux
I have yet to find what to do to enable webserver connections.
Susan
On Fri, Jan 24, 2014 at 9:38 AM, Adrian Klaver <adrian.klaver@gmail.com>wrote:
Show quoted text
On 01/24/2014 09:35 AM, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running Scientific Linux.
SELinux is enabled?
The database connection value is enabled to allow or disallow webserver
connections?On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us
<mailto:tgl@sss.pgh.pa.us>> wrote:Susan Cassidy <susan.cassidy@decisionsciencescorp.com
<mailto:susan.cassidy@decisionsciencescorp.com>> writes:$dbh =
DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err:$DBI::errstr");
The exact same connection string works fine in a standalone perl
program.
Given the permissions errors you mentioned upthread, I'm wondering
whether
you're running on Red Hat/CentOS, and if so whether SELinux is
preventing
apache from connecting to unexpected port numbers. I seem to recall
that there's a SELinux boolean specifically intended to allow or
disallow
database connections from webservers, but I couldn't tell you the name
offhand.regards, tom lane
--
Adrian Klaver
adrian.klaver@gmail.com
I don't actually know what SELinux is. What else will happen if I (find
out how to) disable it?
Susan
On Fri, Jan 24, 2014 at 9:47 AM, Bret Stern <
bret_stern@machinemanagement.com> wrote:
Show quoted text
Are you calling the perl from apache (assuming yes)..? Does the web
user have the rights to execute the perl code?Try disabling SELinux..
You'll get it..On Fri, 2014-01-24 at 09:35 -0800, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running Scientific
Linux.On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Susan Cassidy <susan.cassidy@decisionsciencescorp.com> writes:$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=
${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err:$DBI::errstr");
The exact same connection string works fine in a standalone
perl program.
Given the permissions errors you mentioned upthread, I'm
wondering whether
you're running on Red Hat/CentOS, and if so whether SELinux is
preventing
apache from connecting to unexpected port numbers. I seem to
recall
that there's a SELinux boolean specifically intended to allow
or disallow
database connections from webservers, but I couldn't tell you
the name
offhand.regards, tom lane
Susan Cassidy wrote:
[scassidy@jacensolo ~]$ /usr/sbin/sestatus | grep SELinux
SELinux status: enabled
SELinuxfs mount: /selinuxI have yet to find what to do to enable webserver connections.
setsebool -P httpd_can_network_connect_db 1
Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
I tried:
setsebool -P httpd_can_network_connect 1
But I get:
Cannot set persistent booleans without managed policy.
Could not change policy booleans
I don't know what that means.
Susan
On Fri, Jan 24, 2014 at 9:38 AM, Adrian Klaver <adrian.klaver@gmail.com>wrote:
Show quoted text
On 01/24/2014 09:35 AM, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running Scientific Linux.
SELinux is enabled?
The database connection value is enabled to allow or disallow webserver
connections?On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane <tgl@sss.pgh.pa.us
<mailto:tgl@sss.pgh.pa.us>> wrote:Susan Cassidy <susan.cassidy@decisionsciencescorp.com
<mailto:susan.cassidy@decisionsciencescorp.com>> writes:$dbh =
DBI->connect("dbi:Pg:dbname=$dbname;host=${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname, err:$DBI::errstr");
The exact same connection string works fine in a standalone perl
program.
Given the permissions errors you mentioned upthread, I'm wondering
whether
you're running on Red Hat/CentOS, and if so whether SELinux is
preventing
apache from connecting to unexpected port numbers. I seem to recall
that there's a SELinux boolean specifically intended to allow or
disallow
database connections from webservers, but I couldn't tell you the name
offhand.regards, tom lane
--
Adrian Klaver
adrian.klaver@gmail.com
Susan Cassidy wrote:
Cannot set persistent booleans without managed policy.
Could not change policy booleansI don't know what that means.
It probably means you're not root when issuing that command.
Become root or use sudo.
Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
On 1/24/2014 11:55 AM, Susan Cassidy wrote:
I don't actually know what SELinux is. What else will happen if I
(find out how to) disable it?
your system will be less secure.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
SELINUX is a bunch of settings to control security.
If you are able to find it, I was suggesting you disable it
only to see if the Apache problem goes away.
Then to turn it back on.
If it stops working, then there is a setting which is preventing
Apache from being accessed. Locating the specific setting
would be the next step.
On Fri, 2014-01-24 at 11:55 -0800, Susan Cassidy wrote:
I don't actually know what SELinux is. What else will happen if I
(find out how to) disable it?Susan
On Fri, Jan 24, 2014 at 9:47 AM, Bret Stern
<bret_stern@machinemanagement.com> wrote:
Are you calling the perl from apache (assuming yes)..? Does
the web
user have the rights to execute the perl code?Try disabling SELinux..
You'll get it..On Fri, 2014-01-24 at 09:35 -0800, Susan Cassidy wrote:
I've already checked that. It is enabled. I am running
Scientific
Linux.
On Fri, Jan 24, 2014 at 8:28 AM, Tom Lane
<tgl@sss.pgh.pa.us> wrote:
Susan Cassidy
<susan.cassidy@decisionsciencescorp.com> writes:
$dbh = DBI->connect("dbi:Pg:dbname=$dbname;host=
${dbserver};port=$dbport;",
$dbuser, $dbpasswd) or
errexit( "Unable to connect to dbname $dbname,err:
$DBI::errstr");
The exact same connection string works fine in a
standalone
perl program.
Given the permissions errors you mentioned upthread,
I'm
wondering whether
you're running on Red Hat/CentOS, and if so whetherSELinux is
preventing
apache from connecting to unexpected port numbers.I seem to
recall
that there's a SELinux boolean specifically intendedto allow
or disallow
database connections from webservers, but I couldn'ttell you
the name
offhand.regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
On 1/24/2014 12:19 PM, Bret Stern wrote:
SELINUX is a bunch of settings to control security.
If you are able to find it, I was suggesting you disable it
only to see if the Apache problem goes away.
do NOT disable it. set the selinux policy to 'permissive'. this
causes it to log exceptions but allow them
--
john r pierce 37N 122W
somewhere on the middle of the left coast
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general