"Simon Arlott" <[EMAIL PROTECTED]> writes: > On 08/12/07 15:31, Tom Lane wrote: >> "Simon Arlott" <[EMAIL PROTECTED]> writes: >>> FATAL: unsafe permissions on private key file "server.key" >>> DETAIL: File must be owned by the database user and must have no >>> permissions for "group" or "other". >> >>> It should be possible to disable this check in the configuration, so those >>> of us capable of deciding what's unsafe can do so. >> >> You haven't given any reason to think that you are smarter than this >> check. > > The directory containing the SSL keys has appropriate permissions, I > shouldn't have to make a separate copy of them for every application.
Another case where it's important to be able to disable this check is when you're using a file system which doesn't use the unix bits for permission checks either at all or in the traditional way. So for example if the key directory lay on an FAT filesystem which doesn't have unix bit per file the only way to satisfy the check would be to mount the filesystem with the option to make every file in the filesystem have those bits. Storing your keys on a usb stick (which usually use fat filesystems) isn't really such a crazy idea either. -- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's PostGIS support! ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
