help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

Started by bonolinover 24 years ago7 messagesbugs

bonolin@yahoo.com

over 24 years ago

pgsql-bugs:

Hello!
I install postgres 7.1 on solaris 2.6(sparc cpu).And create some db,runing normal.Today,I want to restart the database,it report "FATAL 1: configuration file `postgresql.conf' has wrong permissions",I check and change the permission to 775 ,but fail either,can you help.I need your help.
Thanks!

Best regard!

BonoLin(锟街猴拷锟斤拷)
Email:bonolin@yahoo.com
2001-07-19 12:07:34

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Tom Lane

tgl@sss.pgh.pa.us

over 24 years ago

In reply to: bonolin (#1)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

bonolin <bonolin@yahoo.com> writes:

I install postgres 7.1 on solaris 2.6(sparc cpu).And create some
db,runing normal.Today,I want to restart the database,it report
"FATAL 1: configuration file `postgresql.conf' has wrong
permissions",I check and change the permission to 775 ,but fail
either,can you help.I need your help. Thanks!

A look at the source code shows it wants 744 or less.

This is probably overly restrictive; in fact, I would argue that there
should be no such check at all. We do not do runtime checks for
permissions on any other files, and some of them are far more sensitive
than postgresql.conf (password files for example). Peter, what is the
rationale for having this check?

regards, tom lane

Bruce Momjian

bruce@momjian.us

over 24 years ago

In reply to: Tom Lane (#2)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

bonolin <bonolin@yahoo.com> writes:

I install postgres 7.1 on solaris 2.6(sparc cpu).And create some
db,runing normal.Today,I want to restart the database,it report
"FATAL 1: configuration file `postgresql.conf' has wrong
permissions",I check and change the permission to 775 ,but fail
either,can you help.I need your help. Thanks!

A look at the source code shows it wants 744 or less.

This is probably overly restrictive; in fact, I would argue that there
should be no such check at all. We do not do runtime checks for
permissions on any other files, and some of them are far more sensitive
than postgresql.conf (password files for example). Peter, what is the
rationale for having this check?

Isn't the file in /data, which is 700. Why do we care what permissions
we give it?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Tom Lane

tgl@sss.pgh.pa.us

over 24 years ago

In reply to: Bruce Momjian (#3)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

Bruce Momjian <pgman@candle.pha.pa.us> writes:

Isn't the file in /data, which is 700. Why do we care what permissions
we give it?

Indeed. I could understand having a postmaster-start-time check that
$PGDATA has mode 700 (initdb makes this true anyway, but having the
postmaster double-check is not unreasonable). But I don't see why we
should expend cycles on checking the permissions of stuff inside
$PGDATA.

regards, tom lane

Peter Eisentraut

peter_e@gmx.net

over 24 years ago

In reply to: Tom Lane (#2)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

Tom Lane writes:

A look at the source code shows it wants 744 or less.

This is probably overly restrictive; in fact, I would argue that there
should be no such check at all. We do not do runtime checks for
permissions on any other files, and some of them are far more sensitive
than postgresql.conf (password files for example). Peter, what is the
rationale for having this check?

Security on a module basis perhaps (a.k.a. paranoia)? I could agree on
moving that check to $PGDATA but I feel it needs to be there. At least
one user was going to get into trouble here.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

Tom Lane

tgl@sss.pgh.pa.us

over 24 years ago

In reply to: Peter Eisentraut (#5)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

Peter Eisentraut <peter_e@gmx.net> writes:

Tom Lane writes:

This is probably overly restrictive; in fact, I would argue that there
should be no such check at all. We do not do runtime checks for
permissions on any other files, and some of them are far more sensitive
than postgresql.conf (password files for example). Peter, what is the
rationale for having this check?

Security on a module basis perhaps (a.k.a. paranoia)? I could agree on
moving that check to $PGDATA but I feel it needs to be there.

Seems to me it makes more sense to check $PGDATA, not one individual
file within the directory. Ultimately we depend on $PGDATA to have
the right permissions.

We've since seen a second gripe from a user who was confused by this
check, so at the very least, the error message needs to be made more
clear. (The second guy evidently thought that the code wanted him
to relax the permissions on postgresql.conf, not tighten them.)

regards, tom lane

Peter Eisentraut

peter_e@gmx.net

over 24 years ago

In reply to: Tom Lane (#6)

Re: help for:FATAL 1: configuration file `postgresql.conf' has wrong permissions

Tom Lane writes:

Seems to me it makes more sense to check $PGDATA, not one individual
file within the directory. Ultimately we depend on $PGDATA to have
the right permissions.

Check moved.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter