| 1 |
On Mon, April 23, 2012 3:21 pm, napalm@××××××××××.org wrote: |
| 2 |
> I'm unsure if I should be posting this to the -hardened mailing list as |
| 3 |
> I'm using the hardened profile but all of a sudden I'm getting a rather |
| 4 |
> strange error when trying to start postgres. |
| 5 |
> |
| 6 |
> # /etc/init.d/postgresql-9.1 start |
| 7 |
> * Caching service dependencies ... [ |
| 8 |
> ok ] |
| 9 |
> * The following file(s) are not readable by 'postgres': |
| 10 |
> * /etc/postgresql-9.1/postgresql.conf |
| 11 |
> * /etc/postgresql-9.1/pg_ident.conf |
| 12 |
> * /etc/postgresql-9.1/pg_hba.conf |
| 13 |
> * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf' |
| 14 |
> * ERROR: postgresql-9.1 failed to start |
| 15 |
> |
| 16 |
> That's what I'm getting when I attempt to start it and I don't seem to |
| 17 |
> have modified anything. |
| 18 |
> |
| 19 |
> Looking into the init script I can see it's doing su postgres -c "test -r |
| 20 |
> /etc/postgresql-9.1/pg_hba.conf" and the like but the output of: |
| 21 |
> su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail" |
| 22 |
> is fail... so I'm quite at a loss as to what could be going on here. All |
| 23 |
> of the files are owned by postgres, have the correct permissions (I ran |
| 24 |
> chmod 644 as it hinted) and it should be able to traverse to the directory |
| 25 |
> as everything has the execute bit from /etc onwards. |
| 26 |
> |
| 27 |
> Any tips? |
| 28 |
|
| 29 |
I don't have much experience with Hardenened, but are you certain that any |
| 30 |
permissions (including ACLs) are set correctly for PostgreSQL to access |
| 31 |
all its files? |
| 32 |
|
| 33 |
Do you have "sec-policy/selinux-postgresql" installed? And did you |
| 34 |
re-emerge this after the update? |
| 35 |
|
| 36 |
-- |
| 37 |
Joost |
Archives