[Expired for ssl-cert (Ubuntu) because there has been no activity for 60
days.]
** Changed in: ssl-cert (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/22512
I encountered essentially the same problem with a Jaunty (9.04)
installation.
My problem was seemingly caused by having installed and configured
dovecot BEFORE installing the postgres 8.3 server. My snakeoil key had
the following permissions:
r...@kingpin:/etc/postgresql/8.3/main# ls -l
/etc/ss
** This bug is no longer flagged as a security vulnerability
--
/etc/ssl/private/ssl-cert-snakeoil.key is world readable
https://bugs.launchpad.net/bugs/225125
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
A possible solution to the impossibility to launch postgres : you should
check that the postgres user is still a member of the sss-cert group. I
botched the group membership by mistake and wasn't able to launch the
server with the same error as above.
Restoring the right membership solved the issu
Mathi [2008-09-18 10:48 -]:
> The command "sudo -u postgres head /var/lib/postgresql/8.3/main/server.key"
> gives error as below
>
> head: cannot open `/var/lib/postgresql/7.4/main/server.key' for reading:
> Permission denied
Please give the output of
sudo ls -ld /var/lib
sudo ls -ld /var
Hi all,
I am using postgres 7.4 . I tried to enable SSL in it..
I was succesful in creating the files server.key, server.crt,server.crt.der
But when i try to restart my server after that, it says
FATAL: could not load private key file
"/var/lib/postgresql/7.4/main/server.key": Permission denied
Hi Martin
Thanks for pointing out about my private ssl key. In reality, the 'head'
command gave only a
part of my private ssl-key file. So in that sense it is useless even if
advertised.
Yes, to be more secure, I did replace it with a new one that I generated
- using the make-ssl-cert command
@Martin
I always do a fresh install, so I did of Hardy as well. I didn't configure
anything manually. I tried to install postgresql on a different machine and no
errors occurred there. So it must be my machine. If you want me to post more
stuff, just tell me.
--
/etc/ssl/private/ssl-cert-snake
stani,
-rwxrwxrwx 1 root ssl-cert 887 2008-04-29 02:46 ssl-cert-snakeoil.key
ugh, a world-readable and writable private SSL key? that's really,
really bad; how did that happen, just during a gutsy->hardy upgrade, or
did you configure that manually at some point?
Mohan,
actually I just asked whe
Hello Martin
Apologies for being out of loop for a few days
Here is the output that you requested:
-
[EMAIL PROTECTED]:~$ sudo -u postgres head
/var/lib/postgresql/8.3/main/server.key
-BEGIN RSA PRIVATE KEY-
MIICXgIBAAKBgQDJYQBvBGn0qar3EXCxgrEXfKrnuUIfGDSIhQSOh5
After changing the permissions, I could dist-upgrade successfully:
$ sudo ls -l /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r- 1 root ssl-cert 887 2008-04-29 02:46
/etc/ssl/private/ssl-cert-snakeoil.key
--
/etc/ssl/private/ssl-cert-snakeoil.key is world readable
https://bugs.launchpad.net/bu
I run into the same problem when trying to install postgresql 8.3 ...
(sorry for the dutch)
$ sudo apt-get dist-upgrade
Pakketlijsten worden ingelezen... Klaar
Boom van vereisten wordt opgebouwd
Statusinformatie wordt gelezen... Klaar
Opwaardering wordt doorgerekend... Klaar
0 pakketten opg
Hm, this is really weird. Just to confirm, if you do this:
sudo -u postgres head /var/lib/postgresql/8.3/main/server.key
does that work, or do you get an error message? What is the current
permission on that file, still 640 root:ssl-cert?
--
/etc/ssl/private/ssl-cert-snakeoil.key is world read
Hi Martin
Yes, here is the clip:
---
[EMAIL PROTECTED]:~$ id postgres
uid=110(postgres) gid=108(ssl-cert) groups=108(ssl-cert),120(postgres)
[EMAIL PROTECTED]:~$
--
Postgres is in the ssl-cert group.
regards
Mohan
--
/etc/ssl/private/ss
Mohan, this has got nothing to do with the ssl cert, but is the default
configured in pg_hba.conf. See
http://www.postgresql.org/docs/8.2/interactive/client-
authentication.html for details. In particular, if you want password
based authentication, change "ident" to "md5".
As for your SSL problem,
Hi Lukasz and Martin
Thanks a lot for your quick response.
Here is the output desired:
--
[EMAIL PROTECTED]:/# ls -ld /etc/ssl/private/
drwxr-x--- 2 root ssl-cert 4096 2008-05-28 16:19 /etc/ssl/private/
[EMAIL PROTECTED]:/# ls -l /etc/ssl/private/
total 4
-rwxr- 1 ro
Mohan [2008-06-09 13:19 -]:
> [EMAIL PROTECTED]:/var/lib/postgresql/8.3/main# ls -l
> /etc/ssl/private/ssl-cert-snakeoil.key
> -rwxr- 1 root ssl-cert 891 2008-05-28 16:19
> /etc/ssl/private/ssl-cert-snakeoil.key
It should be "640", not "740", but that isn't the cause of your
breakage her
Hello Mohan!
I have psql happily running. Executable flag on key file is not necessary (that
was my fault as well) and/or could even be forbidden in this case - try to set
exact permission flags. Check also directory permission and owners.
# ls -ld /etc/ssl/private/
drwx--x--- 2 root ssl-cert 40
Hello
Am trying to install openbravoERP (it needs postgresql) on Kubuntu 8.4.
Through adept manager, I installed postgresql 8.3.
Initially it would not recognise postgres as a user - following tips on the
internet
I had to change the following line in the folder /etc/postgres/8.3/main
and in f
> Shame on me :(
No reason for that at all, I'm glad that you reported this. If this is
really caused by an Ubuntu package, it's a very serious problem. But
with the currently available data I don't know where to look and fix it.
:-/ Thus I cannot do much with the current report.
--
/etc/ssl/pri
Yes, there is a chance that I accidentally changed file permission :(
I am not so certain anymore that it was not my mistake. I didn't need
psql for 10 days and didn't care if it is running either. So after such
a long time I could have forgotten what I was doing. On the other hand I
don't know ho
21 matches
Mail list logo
