Обсуждение: Trouble connecting to database using PQconnectdb (C/libpq)
Hello -
I am working on moving my WEB pages, which include searches in a PostgreSQL
data base, through "libpq".
Old system: Red Hat Linux 9, PostgreSQL 7.4.6
New system: Fedora 11, PostgreSQL 8.4
When I re-compile the program (using updated gnu C++ compilers/libs),
the new version --will-- connect to the data base if I run the CGI program
from the command line, but will --NOT-- connect if I call the CGI program
from a web page.
Here is the C/C++ code:
------------------------------
const char *pcDbArgs = "user=joela dbname=photodb port=5432
host=192.168.111.7";
const char *pcDbName = "photodb";
//
// Connect to PostGresQL data base....
//
printf("\nCalling PQconnectdb(%s)\n", pcDbArgs);
gpPhotoDb = PQconnectdb (pcDbArgs);
if (PQstatus(gpPhotoDb) != CONNECTION_OK)
vExit("Can't connect to database \"%s\" - %s\n", pcDbName,
PQerrorMessage(gpPhotoDb));
printf("Successful connection!\n\n");
(vExit is a simple function that formats an error message)
When run from an HTML page:
Error message:
------------------
Calling PQconnectdb(user=joela dbname=photodb port=5432 host=192.168.111.7)
*** Error - Can't connect to database "photodb" - could not connect to server: Permission denied
Is the server running on host "192.168.111.7" and accepting
TCP/IP connections on port 5432?
I have verified that the postgresql server --is-- running on the server
machine, and --is-- listening on 5432.
I am sure I am leaving something out, so please write if you need more info.
Any thoughts?
Thanks!
Joel.
--
+--------------------------------------------------------------------+
| Joel K. Alpers
| Expressive Black and White Images
| http://www.jkalpers.com
+--------------------------------------------------------------------+
Joel Alpers <joel@jkalpers.com> writes:
> New system: Fedora 11, PostgreSQL 8.4
Fedora 11 enables selinux by default ...
> *** Error - Can't connect to database "photodb" - could not connect to server: Permission denied
> Is the server running on host "192.168.111.7" and accepting
> TCP/IP connections on port 5432?
Almost certainly, this represents selinux thinking that apache shouldn't
be making connections to random ports, and denying the socket open long
before it ever has a chance to get to postgres.
If you poke around in the selinux configuration options you can probably
find a switch that opens this up, but I don't know offhand what it is.
Or you could disable selinux, but if you're running a publicly visible
webserver I'd strongly recommend against that. selinux will save your
bacon someday, but not if it's turned off.
regards, tom lane
Tom Lane wrote: > Joel Alpers <joel@jkalpers.com> writes: > >> New system: Fedora 11, PostgreSQL 8.4 >> > > Fedora 11 enables selinux by default ... > > >> *** Error - Can't connect to database "photodb" - could not connect to server: Permission denied >> Is the server running on host "192.168.111.7" and accepting >> TCP/IP connections on port 5432? >> > > Almost certainly, this represents selinux thinking that apache shouldn't > be making connections to random ports, and denying the socket open long > before it ever has a chance to get to postgres. > > If you poke around in the selinux configuration options you can probably > find a switch that opens this up, but I don't know offhand what it is. > > Or you could disable selinux, but if you're running a publicly visible > webserver I'd strongly recommend against that. selinux will save your > bacon someday, but not if it's turned off. > > regards, tom lane > > Tom: Thanks for the quick reply - looks like you were spot on with your analysis. I temporarily set selinix to "permissive" and the web page works as it should. Now the trick will be to find a way to make them play well together -- I'll check the postgres site where they have discussions archived... Thanks again!!! Joel. -- +--------------------------------------------------------------------+ | Joel K. Alpers | Expressive Black and White Images | http://www.jkalpers.com +--------------------------------------------------------------------+
> > Now the trick will be to find a way to make them play well together -- > I'll > check the postgres site where they have discussions archived... you'll probably get more help from a selinux site or list.
John R Pierce wrote: > >> >> Now the trick will be to find a way to make them play well together >> -- I'll >> check the postgres site where they have discussions archived... > > > you'll probably get more help from a selinux site or list. > > > Yes, after I sent that reply I recalled that I was --on-- a postgres list --- sorry, it's been a long few days fighting software. I meant to say I would check on the Fedora forum! Joel. -- +--------------------------------------------------------------------+ | Joel K. Alpers | Expressive Black and White Images | http://www.jkalpers.com +--------------------------------------------------------------------+