Linux PostgreSQL 无法启动:“server.key”具有组或世界访问权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12087683/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PostgreSQL won't start: "server.key" has group or world access
提问by Atul Arvind
Whenerver I start PostgreSQL using command:
每当我使用以下命令启动 PostgreSQL 时:
$ sudo /etc/init.d/postgresql start
Pg doesn't start up. The error reported is:
PG 不启动。报告的错误是:
* Starting PostgreSQL 8.4 database server
* The PostgreSQL server failed to start. Please check the log output:
2010-01-21 22:10:00 PST FATAL: private key file "server.key" has group or world access
2010-01-21 22:10:00 PST DETAIL: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
... and when I try to access psql
as the postgres
user with:
......当我尝试访问psql
的postgres
与用户:
$ sudo su postgres
$ psql
it gives me an error:
它给了我一个错误:
could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
采纳答案by Atul Arvind
I had solved it using ..
我已经解决了它使用..
1) Enter the relevant directory (use> locate server.key)
1)进入相关目录(use>locate server.key)
2) Back up old server.key link.
2) 备份旧的 server.key 链接。
3) Copy ssl-cert-snakeoil.key to server.key
3) 将 ssl-cert-snakeoil.key 复制到 server.key
4-5) Change its owner & group to postgres
4-5) 将其所有者和组更改为 postgres
6) Ensure the permissions are 700 or 740 (as requested by error message)
6) 确保权限为 700 或 740(根据错误消息的要求)
Recipe for my Ubuntu 12.04 & postgresql-8.3:
我的 Ubuntu 12.04 和 postgresql-8.3 的配方:
sudo cd /var/lib/postgresql/8.3/main/
sudo mv server.key server.key-0
sudo cp /etc/ssl/private/ssl-cert-snakeoil.key server.key
sudo chown postgres server.key
sudo chgrp postgres server.key
sudo chmod 740 server.key
sudo /etc/init.d/postgres-8.3 start
And now its working ! Thanks for support.
现在它的工作!感谢你的支持。
回答by Swair
As the error message says, fix the permissions for the key file server.key
. The server runs as user "postgres" which should own the file. Try
正如错误消息所说,修复密钥文件的权限server.key
。服务器以用户“postgres”的身份运行,该用户应该拥有该文件。尝试
#cd <path/to/pgsql/data>
#chown postgres server.key
#chmod 0640 server.key
回答by xunil
sudo chown postgres /var/lib/postgresql/8.4/main/server.key
sudo chmod 0640 /var/lib/postgresql/8.4/main/server.key
Hit tab after postgresql to confirm your version.
在 postgresql 之后点击选项卡以确认您的版本。
回答by ERF
How about not to hard copying the Server Key and leaving it where and like it is.
如何不硬复制服务器密钥并将其留在原处和原处。
Instead it is simplier to:
相反,它更简单:
Change the "server.key" link Permissions in PostgreSQL Data Directory (its the Location where the Link to the private certificate.key File resides)
更改 PostgreSQL 数据目录中的“server.key”链接权限(它是指向私有证书.key 文件的链接所在的位置)
# cd /var/lib/postgresql/9.1/main/
# cd /var/lib/postgresql/9.1/main/
to
到
# chown -R postgres:postgres server.key`
And make sure that the original Certificate in
并确保原始证书在
# /etc/ssl/private/ssl-cert-snakeoil.key
has those Properties, by Setting them
拥有这些属性,通过设置它们
# chmod 640 ssl-cert-snakeoil.key
# chown root:ssl-cert ssl-cert-snakeoil.key
This Solution has been tested on Debian. Please remember that CentOS can use the SELinux with extended User Rights Management, which can be viewed by
此解决方案已在 Debian 上进行测试。请记住 CentOS 可以使用带有扩展用户权限管理的 SELinux,可以通过
# ls -laZ *
回答by guillaume
It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
这发生在我身上,结果我错误地从“ssl-cert”组中删除了 postgres 用户,将其设置为
gpasswd -a postgres ssl-cert
gpasswd -a postgres ssl-cert
回答by ilhnctn
Setthe permissions of /etc/ssl/private
to root:ssl-cert
. Comments on this issuemade me try this solution.
将权限设置/etc/ssl/private
为root:ssl-cert
。对这个问题的评论让我尝试了这个解决方案。
NOTE: even tough the answer is accepted, it didn't solve my issue. To help someone else i wanted to answer here.
注意:即使答案被接受,它也没有解决我的问题。为了帮助别人,我想在这里回答。