PostgreSQL won't start: "server.key" has group or world access

A

8

33

Whenerver I start PostgreSQL using command:

$ sudo /etc/init.d/postgresql start

Pg doesn't start up. The error reported is:

 * Starting PostgreSQL 8.4 database server
 * The PostgreSQL server failed to start. Please check the log output:
2010-01-21 22:10:00 PST FATAL: private key file "server.key" has group or world access
2010-01-21 22:10:00 PST DETAIL: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".

... and when I try to access psql as the postgres user with:

$ sudo su postgres
$ psql

it gives me an error:

 could not connect to server: No such file or directory
    Is the server running locally and accepting
    connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?

Accommodate answered 23/8, 2012 at 8:30 Comment(4)

When asking questions like this, mention your operating system and version, your Pg version (though that was in the log), and how you installed PostgreSQL. You're on Linux, maybe Ubuntu with upstart, but I'm not sure. Thanks for including the exact text of the error message. – Chook 24/8, 2012 at 0:13

Also, that's a roundabout way to run psql as user postgres. I prefer sudo -u postgres psql. – Chook 24/8, 2012 at 0:17

@CraigRinger Sorry for your inconvenient. i am using ubuntu 12.04 and my postgres version is 8.4.11. i installed it using "sudo apt-get install " command. – Accommodate 24/8, 2012 at 5:11

No worries, just worth keeping in mind. It'll sometimes help you get better answers sooner. It also helps if you explain the history, the "how did I get to this point" stuff. In this case, for example, how server.key got there, what changed. I'm pretty sure @swair's answer has it right, so I'm mostly explaining for next time. – Chook 24/8, 2012 at 6:44

A

56

I had solved it using ..

1) Enter the relevant directory (use> locate server.key)

2) Back up old server.key link.

3) Copy ssl-cert-snakeoil.key to server.key

4-5) Change its owner & group to postgres

6) Ensure the permissions are 700 or 740 (as requested by error message)

Recipe for my Ubuntu 12.04 & postgresql-8.3:

sudo cd /var/lib/postgresql/8.3/main/
sudo mv server.key server.key-0
sudo cp /etc/ssl/private/ssl-cert-snakeoil.key server.key
sudo chown postgres server.key
sudo chgrp postgres server.key
sudo chmod 740 server.key
sudo /etc/init.d/postgres-8.3 start

And now its working ! Thanks for support.

Accommodate answered 28/8, 2012 at 5:9 Comment(0)

C

10

How about not to hard copying the Server Key and leaving it where and like it is.

Instead it is simplier to:

Change the "server.key" link Permissions in PostgreSQL Data Directory (its the Location where the Link to the private certificate.key File resides)

# cd /var/lib/postgresql/9.1/main/

to

# chown -R postgres:postgres server.key`

And make sure that the original Certificate in

# /etc/ssl/private/ssl-cert-snakeoil.key

has those Properties, by Setting them

# chmod 640 ssl-cert-snakeoil.key
# chown root:ssl-cert ssl-cert-snakeoil.key

This Solution has been tested on Debian. Please remember that CentOS can use the SELinux with extended User Rights Management, which can be viewed by

# ls -laZ *

Cyan answered 18/6, 2014 at 23:8 Comment(0)

A

6

As the error message says, fix the permissions for the key file server.key. The server runs as user "postgres" which should own the file. Try

#cd <path/to/pgsql/data> 
#chown postgres server.key
#chmod 0640 server.key

Antinode answered 23/8, 2012 at 8:39 Comment(0)

C

3

It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with

gpasswd -a postgres ssl-cert

Cinderellacindi answered 3/12, 2014 at 14:9 Comment(0)

S

3

Setthe permissions of /etc/ssl/private to root:ssl-cert. Comments on this issue made me try this solution.

NOTE: even tough the answer is accepted, it didn't solve my issue. To help someone else i wanted to answer here.

Slaveholder answered 6/12, 2014 at 22:45 Comment(0)

J

2

sudo chown postgres /var/lib/postgresql/8.4/main/server.key

sudo chmod 0640 /var/lib/postgresql/8.4/main/server.key

Hit tab after postgresql to confirm your version.

Jealousy answered 8/2, 2014 at 19:53 Comment(0)

K

1

Follow this https://www.postgresql.org/docs/9.6/ssl-tcp.html

use "chmod og-rwx server.key" and change user to postgres user using chown command.

Klan answered 25/3, 2021 at 8:11 Comment(0)

C

0

For me the solution was as simple as:

chmod 0600 client-key.pem

Convey answered 4/1, 2024 at 6:50 Comment(0)

Recommended topics

Hot tags