FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied

长情又很酷 2021-02-20 02:37

I believe I ended up mixing up permissions in the /etc/ssl directory tree, as the last modification was made on 18th November and a day after I could not get my PostgreSQL to work.

6 Answers
  • 2021-02-20 02:55

    Try setting permissions on the .key file to 600. Postgres doesn't like key files with group or world permissions set. You may also need to change the owner to postgres, though I'm not sure about that.

  • 2021-02-20 03:02

    Check the output of

    $ sudo -u postgres ls /etc/ssl/private
    

    If the response is "Permission denied" do

    $ chown postgres:ssl-cert /etc/ssl/private/
    $ chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil.key
    
  • 2021-02-20 03:07

    Try adding postgres user to the group ssl-cert

    Run the below code to fix your issue:

    # > It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
    sudo gpasswd -a postgres ssl-cert
    
    # Fixed ownership and mode
    sudo chown root:ssl-cert  /etc/ssl/private/ssl-cert-snakeoil.key
    sudo chmod 740 /etc/ssl/private/ssl-cert-snakeoil.key
    
    # now postgresql starts! (and install command doesn't fail anymore)
    sudo /etc/init.d/postgresql start
    

    Courtesy of GabLeRoux

  • 2021-02-20 03:08

    I am running the postgres server in WSL, and I was facing the error with the ssl-cert file. I managed to make it work by changing the owner of the file to the postgres user I had created, adding the expected user and group IDs to the user as required of the application (111 and 116, respectively, as gleaned from helpful error messages), and voila, I have an active server from within WSL.

    sudo useradd postgres
    sudo usermod -u 111 -g 116 -a -G ssl-cert postgres
    sudo chown postgres /etc/ssl/private/ssl-cert-snakeoil.key
    

    After running the above, there were two more files the user running the server (postgres for me) needed permission to access, both residing in /var/postgresql. I used sudo chown -- twice more to give ownership to postgres. Running sudo service postgresql start will tell you which files you'll need to transfer ownership of through any error messages.

  • 2021-02-20 03:13

    I was suffering from this issue when attempting to start PostgreSQL on a remote docker instance. I eventually tracked down the crazy solution here. Basically you have to recreate the directories, chown on its own doesn't work:

    mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
    
  • 2021-02-20 03:16

    Only thing that will work if you have changed permissions for /etc/ssl/private

    mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
    

    Copy this whole command (it's one line of code).

    If this doesn't work for you, check your postgres user's groups with groups postgres and make sure your postgres user has ssl-cert root postgres (order doesn't matter).

    Now let's check your file permissions on ssl/private:

    $ ls -la /etc/ssl/
    > drwx------   2 postgres root private
    

    If this is not the output, change your permissions with sudo chmod -R 700 /etc/ssl/private and, for owners, chown -R postgres:root /etc/ssl/private

    # Now check permissions on ssl-cert-snakeoil.key,
    # which will be inside your private directory.
    $ ls -la /etc/ssl/private/ssl-cert-snakeoil.key
    > -rwx------ 1 postgres root /etc/ssl/private/ssl-cert-snakeoil.key
    
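Added example, not part of any post above: a read-only audit that reports why the server account cannot use the key, checking the search bit on every directory in the path, read access on the file, and PostgreSQL's documented ownership/mode rule (0600 or less if owned by the database user, 0640 or less if owned by root). The function names are illustrative, only classic mode bits are evaluated (no ACLs), and it should be run as root so every path component can be inspected.

```python
#!/usr/bin/env python3
"""Audit a PostgreSQL ssl_key_file (illustrative helper names, not PostgreSQL's own).
Usage, as root: audit_key.py [keyfile] [db_user]"""
import grp, os, pwd, stat, sys

def key_rule_violation(owner_uid, mode, db_uid):
    """PostgreSQL's startup rule for the key file; None means acceptable."""
    perms = stat.S_IMODE(mode)
    if owner_uid == db_uid:      # owned by the server account: u=rw (0600) or less
        return "group/world access on a key owned by the database user" if perms & 0o077 else None
    if owner_uid == 0:           # owned by root: u=rw,g=r (0640) or less
        return "group write/exec or world access on a root-owned key" if perms & 0o037 else None
    return "key must be owned by the database user or root"

def has_bit(st_uid, st_gid, mode, uid, gids, want):
    """Unix class check (owner, else group, else other); want: 4=read, 1=search."""
    if uid == 0:
        return True
    if uid == st_uid:
        return bool((mode >> 6) & want)
    if st_gid in gids:
        return bool((mode >> 3) & want)
    return bool(mode & want)

def audit(key_path, user):
    """Return a list of findings for `user` opening `key_path` (empty = fine)."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    path = os.path.realpath(key_path)
    findings, dirs = [], [os.path.dirname(path)]
    while dirs[-1] != "/":
        dirs.append(os.path.dirname(dirs[-1]))
    for d in reversed(dirs):     # every directory on the path needs the search bit
        st = os.stat(d)
        if not has_bit(st.st_uid, st.st_gid, st.st_mode, pw.pw_uid, gids, 1):
            findings.append(f"{d}: {user} cannot traverse ({stat.filemode(st.st_mode)})")
    st = os.stat(path)
    if not has_bit(st.st_uid, st.st_gid, st.st_mode, pw.pw_uid, gids, 4):
        findings.append(f"{path}: {user} cannot read ({stat.filemode(st.st_mode)})")
    problem = key_rule_violation(st.st_uid, st.st_mode, pw.pw_uid)
    if problem:
        findings.append(f"{path}: {problem}")
    return findings

if __name__ == "__main__":
    key = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/private/ssl-cert-snakeoil.key"
    user = sys.argv[2] if len(sys.argv) > 2 else "postgres"
    results = audit(key, user)
    print("\n".join(results) or "OK")
    sys.exit(1 if results else 0)
```

A "cannot traverse" finding on /etc/ssl/private corresponds to the "Permission denied" error in the title; the ownership/mode finding corresponds to the separate complaint PostgreSQL raises once it can reach the file.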