Hi Jeroen,

This is the pgAdmin hackers list.
Please send mail to the pgsql-general@postgresql.org mailing list for your
PostgreSQL-related queries.

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com>


<http://www.linkedin.com/in/asheshvashi>

On Sun, Apr 23, 2017 at 11:25 PM, Jeroen Jacobs <
jeroen.jac...@headincloud.be> wrote:

> Hi,
>
> I'm getting this error when I try to configure ssl with postgres:
>
> pr 23 13:12:47 pgmaster01 pg_ctl: FATAL:  private key file
> "/etc/ssl/pgmaster01-key.pem" has group or world access
> Apr 23 13:12:47 pgmaster01 pg_ctl: DETAIL:  Permissions should be u=rw
> (0600) or less.
>
> The actual permission is:
>
> centos@pgmaster01 ~]$ ls -l /etc/ssl/pgmaster01-key.pem
> -r--r----- 1 root ssl-read 3243 Apr 23 00:00 /etc/ssl/pgmaster01-key.pem
>
> postgres user is part of the ssl-read group. This ssl key is shared with
> other software as well, so giving exclusive access to the postgres user is
> NOT an option.
>
> I understand why postgres complains, but I'm pretty sure about what I'm
> doing here. How can I tell postgres to start anyway, even when it doesn't
> like those permissions? There should be a way to override this, I'm the
> admin here, it's up to me to decide to implement my security setup, not the
> software itself.
>
> So basically I have three options:
>
> - don't use ssl at all (not an option at all, actually)
> - create a separate copy of my ssl key file with the correct permissions
> that postgres likes (ugly workaround)
> - use another database server which allows me to configure it how I want
> it.
>
> I'm actually considering settling for the last solution, due to this crazy
> restriction you put in place...
>
>
> Regards,
>
> Jeroen.
>
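
The rule stated in the quoted error message (no group or world access on the key file) and the second option from the message (a separate owner-only copy), as an added shell example that is not part of this thread and not PostgreSQL's own code. The function names and the constructed sample file are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: pre-flight check for a server key file, following the rule
# in the error message above ("Permissions should be u=rw (0600) or less").

# key_mode_ok FILE: 0 if FILE is a regular file with no group/world bits,
# 1 if any group/world bit is set, 2 if FILE is missing or unreadable.
key_mode_ok() {
    [ -f "$1" ] || return 2
    _mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. "440"
    # Leading 0 makes the value octal; mask 077 selects group+world bits.
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# private_key_copy SRC DST: the "separate copy" option. Run it as the account
# that starts the server (assumed to be "postgres") so that account owns DST.
# umask 077 keeps DST from ever being created with wider permissions.
private_key_copy() {
    ( umask 077 && install -m 0600 -- "$1" "$2" ) || return 1
    key_mode_ok "$2"
}

# Constructed sample: a placeholder file with the 0440 mode from the listing.
tmp=$(mktemp -d)
printf 'placeholder, not a real key\n' > "$tmp/shared-key.pem"
chmod 0440 "$tmp/shared-key.pem"

if key_mode_ok "$tmp/shared-key.pem"; then
    echo "shared key: accepted"
else
    echo "shared key: has group or world access"
fi

if private_key_copy "$tmp/shared-key.pem" "$tmp/pg-key.pem"; then
    echo "private copy: accepted (mode $(stat -c '%a' "$tmp/pg-key.pem"))"
fi
rm -rf "$tmp"
```

A copy made this way has to be regenerated whenever the shared key is renewed.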
