postgresql 致命:无法访问私钥文件“/etc/ssl/private/ssl-cert-snakeoil.key”:权限被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34209661/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied
提问by augustus182l
I believe I ended up mixing up permissions at /etc/ssl directories tree as the last modification was made on 18th November and a day after I could not get my PostgreSQL to work.
我相信我最终混淆了 /etc/ssl 目录树的权限,因为最后一次修改是在 11 月 18 日和我无法让我的 PostgreSQL 工作的第二天。
When I type in
当我输入
sudo service postgresql start
须藤服务 postgresql 启动
I get
我得到
FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied
致命:无法访问私钥文件“/etc/ssl/private/ssl-cert-snakeoil.key”:权限被拒绝
Checking permissions
检查权限
~$ sudo -i
~$ ls -la /etc/ssl/private
drw-r----- 2 root ssl-cert 4096 Nov 18 21:10 .
-rwxrwxrwx 1 postgres postgres 1704 Set 4 11:26 ssl-cert-snakeoil.key
~$ sudo -i
~$ ls -la /etc/ssl/private
drw-r----- 2 root ssl-cert 4096 Nov 18 21:10 。
-rwxrwxrwx 1 postgres postgres 1704 Set 4 11:26 ssl-cert-snakeoil.key
Checking group composition
检查组组成
~$ id postgres
uid=114(postgres) gid=127(postgres) groups=127(postgres),114(ssl-cert)
~$ id postgres
uid=114(postgres) gid=127(postgres) 组=127(postgres),114(ssl-cert)
Also I noticed that my ssl-cert-snakeoil.pem file at /etc/ssl/certs/ doesn't have a symlink. I don't know if this makes any difference...
我还注意到 /etc/ssl/certs/ 中的 ssl-cert-snakeoil.pem 文件没有符号链接。不知道这个有没有区别...
Please, help me sort this out.
请帮我解决这个问题。
Thanks.
谢谢。
Edit: Should it be posted on serverfaultinstead?
编辑:它应该发布在serverfault 上吗?
回答by Noushad
Try adding postgresuser to the group ssl-cert
尝试将postgres用户添加到组ssl-cert
Run the below code to fix the above and fixing the permissions
运行以下代码以修复上述问题并修复权限
# > It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
sudo gpasswd -a postgres ssl-cert
# Fixed ownership and mode
sudo chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 740 /etc/ssl/private/ssl-cert-snakeoil.key
# now postgresql starts! (and install command doesn't fail anymore)
sudo /etc/init.d/postgresql start
courtseyto GabLeRoux
courtsey到GabLeRoux
回答by devops
Check the output of
检查输出
$ sudo -u postgres
$ cd /etc/ssl/private
$ ls
If the response is "Permission denied" do
如果响应是“权限被拒绝”,请执行
$ chown postgres:ssl-cert /etc/ssl/private/
$ chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil.key
回答by Iain Hunter
I was suffering from this issue when attempting to start Postgresql on a remote docker instance. I eventuallytracked down the crazy solution here. Basically you have to recreate the directories, chown on it's own doesn't work:
尝试在远程 docker 实例上启动 Postgresql 时,我遇到了这个问题。我最终在这里找到了疯狂的解决方案。基本上你必须重新创建目录, chown 本身不起作用:
mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
回答by Smit Patel
Only thing that will work if you have changed permissions for /etc/ssl/private
如果您更改了 /etc/ssl/private 的权限,唯一可行的方法是
mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
Copy this whole command (It's a one line code).
复制整个命令(这是一行代码)。
If this doesn't work for you, ckeck your postgres user groups by
groups postgresand make sure your postgres user have ssl-cert root postgres(Order doesn't matter).
如果这对您不起作用,请检查您的 postgres 用户组
groups postgres并确保您的 postgres 用户具有ssl-cert root postgres(顺序无关紧要)。
Now lets check your file permissions on ssl/private :
现在让我们检查您对 ssl/private 的文件权限:
$ ls -la /etc/ssl/
> drwx------ 2 postgres root private
If this is not the output change your permissions with sudo chmod -R 700 /etc/ssl/privateand for owners chown -R postgres:root /etc/ssl/private
如果这不是输出,请更改sudo chmod -R 700 /etc/ssl/private所有者的权限和所有者的权限chown -R postgres:root /etc/ssl/private
//Now check permissions on ssl-cert-snakeoil.key,
//which will be inside your **private** directory.
$ ls -la /etc/ssl/private/ssl-cert-snakeoil.key
> -rwx------ 1 postgres root /etc/ssl/private/ssl-cert-snakeoil.key
回答by Chris Ivan
I am running the postgres server in WSL, and I was facing the error with the ssl-cert file. I managed to make it work by changing the owner of the file to the postgres user I had created, adding the expected user and group IDs to the user as required of the application (111 and 116, respectively, as gleaned from helpful error messages), and voila, I have an active server from within WSL.
我在 WSL 中运行 postgres 服务器,但我遇到了 ssl-cert 文件的错误。我设法通过将文件的所有者更改为我创建的 postgres 用户,根据应用程序的需要向用户添加预期的用户和组 ID(分别为 111 和 116,从有用的错误消息中收集)来使其工作,瞧,我有一个来自 WSL 的活动服务器。
sudo useradd postgres
sudo usermod -u 111 -g 116 -a -G ssl-cert postgres
sudo chown postgres /etc/ssl/private/ssl-cert-snakeoil.key
After running the above, there were two more files the user running the server (postgres for me) needed permission to access, both residing in /var/postgresql. I used sudo chown --twice more to give ownership to postgres. Running sudo service postgresql startwill tell you which files you'll need to transfer ownership of through any error messages.
运行上述后,运行服务器的用户(对我来说是 postgres)还有两个文件需要访问权限,它们都驻留在/var/postgresql. 我又使用了sudo chown --两次来赋予 postgres 所有权。运行sudo service postgresql start将通过任何错误消息告诉您需要转移哪些文件的所有权。
回答by Warren Dew
Try setting permissions on the .key file to 600. Postgres doesn't like key files with group or world permissions set. You may also need to change the owner to postgres, though I'm not sure about that.
尝试将 .key 文件的权限设置为 600。Postgres 不喜欢设置了组或世界权限的密钥文件。您可能还需要将所有者更改为 postgres,但我不确定这一点。
