The following bug has been logged online: Bug reference: 1963 Logged by: Martin Pitt Email address: [EMAIL PROTECTED] PostgreSQL version: 8.1beta3 Operating system: Debian Description: SSL certificate permission check is too strict Details:
Currently the postmaster requires the private SSL key file to have the same owner as the postmaster, and no permissions for group and others. However, this is too strict to sensibly use the certificate with ACLs, which permits other server processes to share it. In Debian I applied a patch which relaxes the check a bit: in addition to the currently allowed permissions, the file might be: - owned by root - group-readable if the file is in group root or the postmaster group. Since this likely affects non-Debian server installations as well, do you consider adopting this? Thanks! Martin Original Debian bug report: http://bugs.debian.org/327901 Debian patch against 8.1beta3: http://people.debian.org/~mpitt/09-relax-sslkey-permscheck.patch ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
