Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

From: Laurenz Albe
Subject: Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
Msg-id: 41ba7401df2baa95daed163f946976669a19913c.camel@cybertec.at
In response to: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"  (Bryn Llewellyn <bryn@yugabyte.com>)
Responses: Aw: Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"  (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
List: pgsql-general

On Mon, 2022-10-31 at 22:03 -0700, Bryn Llewellyn wrote:
> I followed Peter's recommendation NOT to put my "clstr_mgr" O/S user in the "postgres"
> group—having earlier had it there. But doing so brought this content-free error message
> on an attempt to authorize using the intended method:
> 
> Error: Invalid data directory for cluster 11 main

That's a message from the *server*, which always runs under the same OS user.

> A bit of Googling got me to this on the pgsql-general list (from the Peter, in fact):
> 
> https://www.postgresql.org/message-id/20190909171519.GA7858%40hjp.at
> 
> on that very topic.
> 
> It seems that the error message is simply misleading and that it should read "Cannot read
> the config_file, hba_file, or ident_file" — as they are named in this query's output:
> 
> select name, setting
> from pg_settings
> where category = 'File Locations';
> 
> Sure enough, neither my hba_file nor my ident_file were readable by "all" (but they were
> readable by "group"). However, the config_file was readable by "all". I've no idea what
> the history of those permissions is. Maybe I changed something along the way. I s'pose
> that I'd better regard my present installation as a dress rehearsal and simply redo it
> starting by restoring my "bare" Linux VM from file backup.
> 
> Anyway, just to prove the point, I chmod'd my hba_file and my ident_file to make them
> readable by all. And the silly error message went away.
> 
> However, that feels wrong to me. It would seem proper to put any user who you want to
> set up for "local", "peer" authentication into the "postgres" group.
> 
> What do you (all) think?

I think that you are doing something very weird, but I have no idea what it is.
Please tell us the exact commands you ran.

The client user should *never* read the PostgreSQL configuration files, so if changing
the permissions (which you should *never* do) has an effect, you must be doing something
very strange, like trying to start the database server with the wrong user.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com
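
The following shell audit is an added example, not part of the message above and not PostgreSQL project code: it checks the files reported as config_file, hba_file and ident_file by the quoted pg_settings query for the world-readable state described in the quoted message. The function names and the expected-owner argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit PostgreSQL configuration
# files for permissions that let arbitrary OS users read or modify them.
# Usage: sh audit_pgconf.sh EXPECTED_OWNER FILE...
#   FILE... are the config_file, hba_file and ident_file settings returned by
#   the "File Locations" query on pg_settings.

# audit_conf_file OWNER FILE
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if missing.
audit_conf_file() {
    cf_owner=$1
    cf_file=$2
    cf_rc=0
    if [ ! -e "$cf_file" ]; then
        echo "MISSING  $cf_file"
        return 2
    fi
    # -prune keeps find from descending if a directory is passed by mistake.
    if [ -z "$(find "$cf_file" -prune -user "$cf_owner" 2>/dev/null)" ]; then
        echo "OWNER    $cf_file is not owned by $cf_owner"
        cf_rc=1
    fi
    # -perm -004: the "other" read bit is set, i.e. readable by "all".
    if [ -n "$(find "$cf_file" -prune -perm -004)" ]; then
        echo "WORLD-R  $cf_file is readable by all"
        cf_rc=1
    fi
    # -perm -002: the "other" write bit is set.
    if [ -n "$(find "$cf_file" -prune -perm -002)" ]; then
        echo "WORLD-W  $cf_file is writable by all"
        cf_rc=1
    fi
    return "$cf_rc"
}

# audit_conf_files OWNER FILE...  Returns 0 only if every file is clean.
audit_conf_files() {
    audit_owner=$1
    shift
    audit_bad=0
    for audit_f in "$@"; do
        audit_conf_file "$audit_owner" "$audit_f" || audit_bad=$((audit_bad + 1))
    done
    echo "$audit_bad of $# file(s) need attention"
    [ "$audit_bad" -eq 0 ]
}

# Run the audit only when an owner and at least one file are given.
if [ "$#" -ge 2 ]; then
    audit_conf_files "$@"
fi
```

The script only reports; it changes no permissions.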


