Discussion: BUG #15369: Postgres fails to start with default "ssl = true" configuration

BUG #15369: Postgres fails to start with default "ssl = true" configuration

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      15369
Logged by:          Eric Luther
Email address:      eluther@smartleaf.com
PostgreSQL version: 9.6.10
Operating system:   Debian 9.5
Description:

eluther@testvm03:~$ sudo service postgresql start
Starting PostgreSQL 9.6 database server: mainThe PostgreSQL server failed to
start. Please check the log output: 2018-09-07 16:49:56.926 EDT [3990]
FATAL: could not access private key file
"/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied 2018-09-07
16:49:56.926 EDT [3990] LOG: database system is shut down ... failed!
 failed!

eluther@testvm03:~$ cat /etc/postgresql/9.6/main/postgresql.conf |grep ssl
ssl = true                              # (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on         # (change requires restart)
#ssl_ecdh_curve = 'prime256v1'          # (change requires restart)
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'          # (change
requires restart)
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'         # (change
requires restart)
#ssl_ca_file = ''                       # (change requires restart)
#ssl_crl_file = ''                      # (change requires restart)

eluther@testvm03:~$ sudo ls -l /etc/ssl/private/
                                  
[sudo] password for eluther:
total 8
-rw------- 1 root root     1704 Sep  7 13:08 int-wildcard.key
-rw-r----- 1 root ssl-cert 1704 Aug 27 16:48 ssl-cert-snakeoil.key

eluther@testvm03:~$ grep postgres /etc/group
ssl-cert:x:111:postgres
postgres:x:116:

eluther@testvm03:~$ psql --version
psql (PostgreSQL) 9.6.10

eluther@testvm03:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.5 (stretch)
Release:        9.5
Codename:       stretch


Re: BUG #15369: Postgres fails to start with default "ssl = true" configuration

From
Tom Lane
Date:
PG Bug reporting form <noreply@postgresql.org> writes:
> Starting PostgreSQL 9.6 database server: mainThe PostgreSQL server failed to
> start. Please check the log output: 2018-09-07 16:49:56.926 EDT [3990]
> FATAL: could not access private key file
> "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied 2018-09-07

Did you check permissions on the directories leading to
ssl-cert-snakeoil.key?  The fact that you had to use sudo to list
that directory is, shall we say, suspicious.

            regards, tom lane