Re: [GENERAL] [pgadmin-hackers] file permission on ssl key

From Ashesh Vashi
Subject Re: [GENERAL] [pgadmin-hackers] file permission on ssl key
Date
Msg-id CAG7mmoyoo0g93_bJZh2_H9dT0UA85ofJHG56Rc2T_gqg7B0HeQ@mail.gmail.com
Responses Re: [GENERAL] [pgadmin-hackers] file permission on ssl key  (Adrian Klaver <adrian.klaver@aklaver.com>)
List pgsql-general
Hi Jeroen,

This is pgAdmin hackers list.
Please send mail to pgsql-general@postgresql.org mailing list for your postgresql related queries.

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company


http://www.linkedin.com/in/asheshvashi


On Sun, Apr 23, 2017 at 11:25 PM, Jeroen Jacobs <jeroen.jacobs@headincloud.be> wrote:

Hi,

I'm getting this error when I try to configure ssl with postgres:

Apr 23 13:12:47 pgmaster01 pg_ctl: FATAL:  private key file "/etc/ssl/pgmaster01-key.pem" has group or world access
Apr 23 13:12:47 pgmaster01 pg_ctl: DETAIL:  Permissions should be u=rw (0600) or less.

The actual permission is:

[centos@pgmaster01 ~]$ ls -l /etc/ssl/pgmaster01-key.pem
-r--r----- 1 root ssl-read 3243 Apr 23 00:00 /etc/ssl/pgmaster01-key.pem

postgres user is part of the ssl-read group. This ssl key is shared with other software as well, so giving exclusive access to the postgres user is NOT an option.

I understand why postgres complains, but I'm pretty sure about what I'm doing here. How can I tell postgres to start anyway, even when it doesn't like those permissions? There should be a way to override this, I'm the admin here, it's up to me to decide to implement my security setup, not the software itself.

So basically I have three options:

- don't use ssl at all (not an option at all, actually)
- create a separate copy of my ssl key file with the correct permissions that postgres likes (ugly workaround)
- use another database server which allows me to configure it how I want it.

I'm actually considering settling for the last solution, due to this crazy restriction you put in place...


Regards,

Jeroen.
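
The permission test that the log message describes, together with the "separate copy" option from the list above, as an added example that is not part of the original thread. The function names and temporary paths are constructed, and the mode test mirrors only the wording of the error ("u=rw (0600) or less"), not PostgreSQL's source.

```shell
#!/bin/sh
# Added example, not from the thread. All paths and names are constructed.

# Return 0 when the file carries no group or world permission bits, which is
# what "u=rw (0600) or less" asks for; 1 when it does; 2 if not a regular file.
key_mode_ok() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Copy a shared key to a private path. The copy is created under umask 077,
# so it is never readable by group or others, then renamed into place.
# Assumption: run as the user that must own the copy (the postgres user).
make_private_copy() {
    src=$1
    dst=$2
    rm -f -- "$dst.tmp"
    ( umask 077 && cat -- "$src" > "$dst.tmp" ) || return 1
    chmod 0600 "$dst.tmp" && mv -f -- "$dst.tmp" "$dst"
}

# Small demonstration on a throwaway file with the mode shown by ls above.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed placeholder, not a real key\n' > "$dir/shared-key.pem"
    chmod 0440 "$dir/shared-key.pem"
    if key_mode_ok "$dir/shared-key.pem"; then r=accepted; else r=rejected; fi
    echo "shared key (0440):  $r"
    make_private_copy "$dir/shared-key.pem" "$dir/pg-key.pem"
    if key_mode_ok "$dir/pg-key.pem"; then r=accepted; else r=rejected; fi
    echo "private copy (0600): $r"
    rm -rf "$dir"
}

demo
```

A private copy has to be regenerated whenever the shared key is rotated, otherwise the server keeps presenting the old key.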
