| 1 |
On Thu, Apr 26, 2012 at 07:46:10AM +0200, J. Roeleveld wrote: |
| 2 |
> On Mon, April 23, 2012 3:21 pm, napalm@××××××××××.org wrote: |
| 3 |
> > I'm unsure if I should be posting this to the -hardened mailing list as |
| 4 |
> > I'm using the hardened profile but all of a sudden I'm getting a rather |
| 5 |
> > strange error when trying to start postgres. |
| 6 |
> > |
| 7 |
> > # /etc/init.d/postgresql-9.1 start |
| 8 |
> > * Caching service dependencies ... [ |
| 9 |
> > ok ] |
| 10 |
> > * The following file(s) are not readable by 'postgres': |
| 11 |
> > * /etc/postgresql-9.1/postgresql.conf |
| 12 |
> > * /etc/postgresql-9.1/pg_ident.conf |
| 13 |
> > * /etc/postgresql-9.1/pg_hba.conf |
| 14 |
> > * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf' |
| 15 |
> > * ERROR: postgresql-9.1 failed to start |
| 16 |
> > |
| 17 |
> > That's what I'm getting when I attempt to start it and I don't seem to |
| 18 |
> > have modified anything. |
| 19 |
> > |
| 20 |
> > Looking into the init script I can see it's doing su postgres -c "test -r |
| 21 |
> > /etc/postgresql-9.1/pg_hba.conf" and the like but the output of: |
| 22 |
> > su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail" |
| 23 |
> > is fail... so I'm quite at a loss as to what could be going on here. All |
| 24 |
> > of the files are owned by postgres, have the correct permissions (I ran |
| 25 |
> > chmod 644 as it hinted) and it should be able to traverse to the directory |
| 26 |
> > as everything has the execute bit from /etc onwards. |
| 27 |
> > |
| 28 |
> > Any tips? |
| 29 |
> |
| 30 |
> I don't have much experience with Hardenened, but are you certain that any |
| 31 |
> permissions (including ACLs) are set correctly for PostgreSQL to access |
| 32 |
> all its files? |
| 33 |
> |
| 34 |
> Do you have "sec-policy/selinux-postgresql" installed? And did you |
| 35 |
> re-emerge this after the update? |
| 36 |
> |
| 37 |
> -- |
| 38 |
> Joost |
| 39 |
> |
| 40 |
I got things working in the end by deleting everything to do with |
| 41 |
postgres, re-emerging and then restoring from a backup (it's fine |
| 42 |
because the database is only updated a few times a day). |
| 43 |
|
| 44 |
Still totally confused as to what the issue was. I hadn't been fiddling |
| 45 |
with permissions or anything at all, didn't even go near the postgres |
| 46 |
config files and there was no update to postgres so I'm just at a loss. |
| 47 |
|
| 48 |
I don't have sec-policy/selinux-postgresql installed, more using PaX and |
| 49 |
GRSecurity than selinux on my current installation, doubt that would |
| 50 |
have helped. |
| 51 |
|
| 52 |
I'm a bit annoyed that I couldn't solve the issue without doing the sort |
| 53 |
of "turn it off and on" approach but it has done the trick so I guess |
| 54 |
that's that. |
| 55 |
|
| 56 |
I must have messed something up somewhere. Any guess as to if PAM or a |
| 57 |
glibc update could have broken it? I wouldn't have thought glibc but I'm |
| 58 |
a little clueless when it comes to PAM, then again I tried emerging |
| 59 |
(without deleting everything) with USE="-pam" to no avail. |
| 60 |
|
| 61 |
Anyway thanks for the help everyone, sorry I can't give a better |
| 62 |
diagnosis. I did check strace logs and everything, couldn't locate the |
| 63 |
error. Blargh! |
| 64 |
|
| 65 |
Cheers, |
| 66 |
David |
Archives