SSL file permission on PostgreSQL 14 is not right

After enabling SSL on PostgreSQL 14, there is an error when starting the Postgres server:

2022-05-13 00:09:39.791 CST [938050] FATAL:  private key file "/etc/postgresql/14/main/server.key" has group or world access
2022-05-13 00:23:09.163 CST [938097] DETAIL:  File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.

What I did was follow the hint above and chmod 640 server.key. Here is the current permission output after the chmod (it seems to only remove the group's r):

-rw-r--r-- 1 root     root      2727 May 13 00:08 server.crt
-rw-r----- 1 root     root      3323 May 13 00:08 server.csr
-rw-r----- 1 root     root      1704 May 13 00:08 server.key

But restarting the Postgres server still reports an error:

2022-05-13 00:38:09.331 CST [938235] FATAL:  could not load private key file "/etc/postgresql/14/main/server.key": Permission denied
2022-05-13 00:38:09.331 CST [938235] LOG:  database system is shut down
pg_ctl: could not start server

What is missing here with the SSL file permissions?

First, change the ownership of all the files to the PostgreSQL user:

chown postgres server.crt server.key server.csr

Then remove the read permission for the group from the private key file:

chmod g-r server.key
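
Added example (not part of the original answer and not PostgreSQL's own code): a shell model of the two checks behind the errors above, the owner/mode rule from the DETAIL line and the ordinary Unix read check that produced "Permission denied". The function names and the uid/gid values used with them are assumptions for illustration, `check_key_file` assumes GNU `stat`, and the group-membership case for a root-owned 0640 key goes beyond what the answer uses.

```shell
#!/bin/sh
# Illustrative model only; names and sample ids are hypothetical.

# key_verdict MODE OWNER_UID GROUP_GID SERVER_UID "SERVER_GIDS"
# MODE is the octal string printed by `stat -c %a`, e.g. 640.
key_verdict() {
    mode=$((0$1)); owner=$2; group=$3; srv_uid=$4; srv_gids=" $5 "

    # Check 1: owner/mode rule quoted in the DETAIL line (first FATAL).
    if [ "$owner" -eq "$srv_uid" ]; then
        forbidden=$(( $mode & 077 ))   # 0600 or less: no group/world bits
    elif [ "$owner" -eq 0 ]; then
        forbidden=$(( $mode & 037 ))   # 0640 or less: group may only read
    else
        echo "rejected: not owned by the database user or root"; return 0
    fi
    if [ "$forbidden" -ne 0 ]; then
        echo "rejected: has group or world access"; return 0
    fi

    # Check 2: can the server's user open the file? (second FATAL)
    if [ "$owner" -eq "$srv_uid" ]; then
        readable=$(( $mode & 0400 ))
    else
        case "$srv_gids" in
            *" $group "*) readable=$(( $mode & 040 )) ;;  # via group bits
            *)            readable=$(( $mode & 04 )) ;;   # via other bits
        esac
    fi
    if [ "$readable" -eq 0 ]; then
        echo "unreadable: Permission denied"; return 0
    fi
    echo "ok"
}

# check_key_file PATH [USER]: run key_verdict against a real file.
check_key_file() {
    user=${2:-postgres}
    set -- $(stat -c '%a %u %g' "$1")
    key_verdict "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"
}
```

With a constructed server uid of 111, `key_verdict 640 0 0 111 "111"` reproduces the asker's second error, and `key_verdict 640 111 0 111 "111"` shows why the `chmod g-r` step is still needed after the `chown`.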