Обсуждение: BUG #15369: Postgres fails to start with default "ssl = true"configuration
BUG #15369: Postgres fails to start with default "ssl = true"configuration
От
PG Bug reporting form
Дата:
The following bug has been logged on the website: Bug reference: 15369 Logged by: Eric Luther Email address: eluther@smartleaf.com PostgreSQL version: 9.6.10 Operating system: Debian 9.5 Description: eluther@testvm03:~$ sudo service postgresql start Starting PostgreSQL 9.6 database server: mainThe PostgreSQL server failed to start. Please check the log output: 2018-09-07 16:49:56.926 EDT [3990] FATAL: could not access private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied 2018-09-07 16:49:56.926 EDT [3990] LOG: database system is shut down ... failed! failed! eluther@testvm03:~$ cat /etc/postgresql/9.6/main/postgresql.conf |grep ssl ssl = true # (change requires restart) #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers #ssl_prefer_server_ciphers = on # (change requires restart) #ssl_ecdh_curve = 'prime256v1' # (change requires restart) ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) #ssl_ca_file = '' # (change requires restart) #ssl_crl_file = '' # (change requires restart) eluther@testvm03:~$ sudo ls -l /etc/ssl/private/ [sudo] password for eluther: total 8 -rw------- 1 root root 1704 Sep 7 13:08 int-wildcard.key -rw-r----- 1 root ssl-cert 1704 Aug 27 16:48 ssl-cert-snakeoil.key eluther@testvm03:~$ grep postgres /etc/group ssl-cert:x:111:postgres postgres:x:116: eluther@testvm03:~$ psql --version psql (PostgreSQL) 9.6.10 eluther@testvm03:~$ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 9.5 (stretch) Release: 9.5 Codename: stretch
=?utf-8?q?PG_Bug_reporting_form?= <noreply@postgresql.org> writes: > Starting PostgreSQL 9.6 database server: mainThe PostgreSQL server failed to > start. Please check the log output: 2018-09-07 16:49:56.926 EDT [3990] > FATAL: could not access private key file > "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied 2018-09-07 Did you check permissions on the directories leading to ssl-cert-snakeoil.key? The fact that you had to use sudo to list that directory is, shall we say, suspicious. regards, tom lane