I think the file has to have _restricted_ permissions to be accepted.
The check is:
if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
buf.st_uid != getuid())
{
postmaster_error("bad permissions on private key file (%s)", fnbuf);
ExitPostmaster(1);
so my guess is that you have to remove group/other permissions on the
file.
---------------------------------------------------------------------------
Rob Abernethy IV wrote:
> I cannot get the postmaster to start up in SSL mode. I receive the following
> error:
>
> bad permissions on private key file (/var/lib/pgsql/data/server.key)
>
> I've checked the permissions and everything seems to be fine.
>
> ls -al
> total 56
> drwx------ 6 postgres postgres 4096 Dec 18 17:17 .
> drwxr--r-- 4 postgres postgres 4096 Dec 18 17:17 ..
> drwx------ 4 postgres postgres 4096 Dec 18 16:23 base
> drwx------ 2 postgres postgres 4096 Dec 18 17:17 global
> drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_clog
> -rw------- 1 postgres postgres 2404 Dec 18 16:41 pg_hba.conf
> -rw------- 1 postgres postgres 1441 Dec 18 16:23 pg_ident.conf
> -rw------- 1 postgres postgres 4 Dec 18 16:23 PG_VERSION
> drwx------ 2 postgres postgres 4096 Dec 18 16:23 pg_xlog
> -rw------- 1 postgres postgres 5224 Dec 18 17:17 postgresql.conf
> -rw------- 1 postgres postgres 20 Dec 18 17:16 postmaster.opts
> -rw-r--r-- 1 postgres postgres 3223 Dec 18 17:10 server.crt
> -rw-r--r-- 1 postgres postgres 887 Dec 18 17:10 server.key
>
> I'm using postgresql-7.3-2PGDG.
>
> Is this the correct list for this type of question? Thanks.
>
> --
> Robert Abernethy IV
> Dynamic Edge, Inc.
> 734.975.0460
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073