Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
Re: David Starner 2011-03-16 aanlktimdd7jmfk3+9cbtkzy48e72nndempsvgkqp_...@mail.gmail.com FATAL: private key file server.key has group or world access 2011-03-15 18:21:36 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. ... failed! Did you happen to change the ssl-cert package's snakeoil certificate manually? The permissions should be $ sudo ls -l /etc/ssl/private/ssl-cert-snakeoil.key -rw-r- 1 root ssl-cert 891 2011-03-03 18:26 /etc/ssl/private/ssl-cert-snakeoil.key I assume this was somehow made world-readable? No, -rw-r- is what the permissions are on my system. I've got it running by turning off ssl. Hi David, do you have that cluster still around? Could you check the permissions of /var/lib/postgresql/9.0/main/server.key ? If that's not a symlink to /etc/ssl/private/ssl-cert-snakeoil.key, what is it? Christoph -- c...@df7cb.de | http://www.df7cb.de/ signature.asc Description: Digital signature
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
On Wed, Mar 16, 2011 at 10:40 AM, Martin Pitt mp...@debian.org wrote: David Starner [2011-03-16 10:38 -0700]: No, -rw-r- is what the permissions are on my system. I've got it running by turning off ssl. What's the owner/group of the file? Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) My personal user. I changed it to root, and turned back on ssl, and it worked. It still would have helped to have better error messages. -- Kie ekzistas vivo, ekzistas espero. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
On Wed, Aug 31, 2011 at 12:33 AM, Christoph Berg m...@debian.org wrote: Re: David Starner 2011-03-16 aanlktimdd7jmfk3+9cbtkzy48e72nndempsvgkqp_...@mail.gmail.com FATAL: private key file server.key has group or world access 2011-03-15 18:21:36 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. ... failed! Did you happen to change the ssl-cert package's snakeoil certificate manually? The permissions should be $ sudo ls -l /etc/ssl/private/ssl-cert-snakeoil.key -rw-r- 1 root ssl-cert 891 2011-03-03 18:26 /etc/ssl/private/ssl-cert-snakeoil.key I assume this was somehow made world-readable? No, -rw-r- is what the permissions are on my system. I've got it running by turning off ssl. Hi David, do you have that cluster still around? Could you check the permissions of /var/lib/postgresql/9.0/main/server.key ? If that's not a symlink to /etc/ssl/private/ssl-cert-snakeoil.key, what is it? It's a symlink to /etc/ssl/private/ssl-cert-snakeoil.key -- Kie ekzistas vivo, ekzistas espero. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
Re: David Starner 2011-08-31 CAMZ=zj42EeNn4UxG6xq1o9On0ntm1MsOkRWLe=4shrbgmlv...@mail.gmail.com It's a symlink to /etc/ssl/private/ssl-cert-snakeoil.key What user/group own this file? Can you still reproduce the problem? The default is root:ssl-cert which should not be changed. For this to work, postgres should be member of the ssl-cert group. (adduser postgres ssl-cert) Christoph -- c...@df7cb.de | http://www.df7cb.de/ signature.asc Description: Digital signature
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
On Wed, Aug 31, 2011 at 3:02 AM, Christoph Berg m...@debian.org wrote: What user/group own this file? Can you still reproduce the problem? root/ssl-cert. Honestly, postgresql was something I was playing with; I don't really have the interest in trying to reproduce it now. Feel free to close it if you want. Sorry. -- Kie ekzistas vivo, ekzistas espero. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
Hello David, David Starner [2011-03-15 18:37 -0700]: FATAL: private key file server.key has group or world access 2011-03-15 18:21:36 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. ... failed! Did you happen to change the ssl-cert package's snakeoil certificate manually? The permissions should be $ sudo ls -l /etc/ssl/private/ssl-cert-snakeoil.key -rw-r- 1 root ssl-cert 891 2011-03-03 18:26 /etc/ssl/private/ssl-cert-snakeoil.key I assume this was somehow made world-readable? Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
On Tue, Mar 15, 2011 at 11:33 PM, Martin Pitt mp...@debian.org wrote: Hello David, David Starner [2011-03-15 18:37 -0700]: FATAL: private key file server.key has group or world access 2011-03-15 18:21:36 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. ... failed! Did you happen to change the ssl-cert package's snakeoil certificate manually? The permissions should be $ sudo ls -l /etc/ssl/private/ssl-cert-snakeoil.key -rw-r- 1 root ssl-cert 891 2011-03-03 18:26 /etc/ssl/private/ssl-cert-snakeoil.key I assume this was somehow made world-readable? No, -rw-r- is what the permissions are on my system. I've got it running by turning off ssl. -- Kie ekzistas vivo, ekzistas espero. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
David Starner [2011-03-16 10:38 -0700]: No, -rw-r- is what the permissions are on my system. I've got it running by turning off ssl. What's the owner/group of the file? Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618532: postgresql-9.0 won't install, complaining of permissions on server.key
Subject: postgresql-9.0 won't install, complaining of permissions on server.key Package: postgresql-9.0 Version: 9.0.3-1 Severity: important I'm installing postgresql-9.0, and the install is failing. It's saying Setting up postgresql-9.0 (9.0.3-1) ... Starting PostgreSQL 9.0 database server: mainThe PostgreSQL server failed to start. Please check the log output: 2011-03-15 18:21:36 PDT FATAL: private key file server.key has group or world access 2011-03-15 18:21:36 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. ... failed! failed! invoke-rc.d: initscript postgresql, action start failed. dpkg: error processing postgresql-9.0 (--configure): subprocess installed post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of postgresql: postgresql depends on postgresql-9.0; however: Package postgresql-9.0 is not configured yet. dpkg: error processing postgresql (--configure): dependency problems - leaving unconfigured configured to not write apport reports configured to not write apport reports Errors were encountered while processing: postgresql-9.0 postgresql E: Sub-process /usr/bin/dpkg returned an error code (1) There are no files with the name server.key on the system, except for one under the CUPS directory. After purging postgresql-8.3, postgresql, postgresq-9.0, I get Selecting previously deselected package postgresql-9.0. (Reading database ... 144664 files and directories currently installed.) Unpacking postgresql-9.0 (from .../postgresql-9.0_9.0.3-1_amd64.deb) ... Setting up postgresql-9.0 (9.0.3-1) ... Creating new cluster (configuration: /etc/postgresql/9.0/main, data: /var/lib/postgresql/9.0/main)... Moving configuration file /var/lib/postgresql/9.0/main/postgresql.conf to /etc/postgresql/9.0/main... Moving configuration file /var/lib/postgresql/9.0/main/pg_hba.conf to /etc/postgresql/9.0/main... Moving configuration file /var/lib/postgresql/9.0/main/pg_ident.conf to /etc/postgresql/9.0/main... Configuring postgresql.conf to use port 5432... update-alternatives: using /usr/share/postgresql/9.0/man/man1/postmaster.1.gz to provide /usr/share/man/man1/postmaster.1.gz (postmaster.1.gz) in auto mode. Starting PostgreSQL 9.0 database server: mainThe PostgreSQL server failed to start. Please check the log output. ... failed! failed! invoke-rc.d: initscript postgresql, action start failed. dpkg: error processing postgresql-9.0 (--configure): subprocess installed post-installation script returned error exit status 1 configured to not write apport reports Errors were encountered while processing: postgresql-9.0 E: Sub-process /usr/bin/dpkg returned an error code (1) and tail /var/log/postgresql/postgresql-9.0-main.log shows 2011-03-15 18:36:35 PDT FATAL: private key file server.key has group or world access 2011-03-15 18:36:35 PDT DETAIL: File must be owned by the database user or root, must have no write permission for group, and must have no permissions for other. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages postgresql-9.0 depends on: ii libc6 2.11.2-13Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-2common error description library ii libgssapi-krb5-21.8.3+dfsg-5 MIT Kerberos runtime libraries - k ii libkrb5-3 1.8.3+dfsg-5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries ii libpam0g1.1.2-2 Pluggable Authentication Modules l ii libpq5 9.0.3-1 PostgreSQL C client library ii libssl0.9.8 0.9.8o-5 SSL shared libraries ii libxml2 2.7.8.dfsg-2 GNOME XML library ii locales 2.11.2-13Embedded GNU C Library: National L ii postgresql-client-9.0 9.0.3-1 front-end programs for PostgreSQL ii postgresql-common 114 PostgreSQL database-cluster manage ii ssl-cert1.0.28 simple debconf wrapper for OpenSSL ii tzdata 2011d-1 time zone and daylight-saving time postgresql-9.0 recommends no packages. Versions of packages postgresql-9.0 suggests: pn oidentd | ident-servernone (no description available) -- no debconf information -- Kie ekzistas vivo, ekzistas espero. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org