CODEWITHSUNDEEP
postgresqlubuntussl
Ben
Ben

Reputation: 6227

FATAL: could not access private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied

This is what I enter:

user@user-computer:/usr/lib/postgresql/9.4/bin$ ./postgres -D /etc/postgresql/9.4/main/

This is what I get:

[4173-1] FATAL:  could not access private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied

Can anyone help me? should I change permissions on ss-cert...key file?

Upvotes: 4

Views: 6561

Answers (3)

Arutsudar Arut
Arutsudar Arut

Reputation: 543

(In addition to the existing 2 answers)

Permissions should be set properly for the directory as well (where the ssl-cert-snakeoil.key file resides in i.e., /etc/ssl/private).

Note: The execute (x) permission is required in the parent directories, to traverse the directories leading up to the file.

This is what worked for me:

chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
chmod 755 /etc/ssl/private

Depending on the owner and group, the permissions can be updated accordingly. (Keep in mind that, postgres may not be the only application/service that will be accessing this particular folder)

  • If the /etc/ssl/private folder belongs to the group ssl-cert and owner root, then, the permissions for that folder can be like this: drwx--x---
  • If the /etc/ssl/private folder belongs to the group root and owner root, then, the permissions for that folder can be like this: drwxr-xr-x

Upvotes: 0

Noushad
Noushad

Reputation: 6781

This can happen when the postgres user doesnt belong to ssl-cert usergroup Try adding postgres user to the group ssl-cert

make sure that postgres is the owner of /var/lib/postgresql/version_no/main eg: sudo chown postgres -R /var/lib/postgresql/9.6/main/

Run the below code to fix the usergroup issue and fixing the permissions

# > It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
sudo gpasswd -a postgres ssl-cert

# Fixed ownership and mode
sudo chown root:ssl-cert  /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 740 /etc/ssl/private/ssl-cert-snakeoil.key

# now postgresql starts! (and install command doesn't fail anymore)
sudo service postgres restart

#also try running pg_ctlcluster <version> <cluster> <action>
sudo pg_ctlcluster 9.6 main start

courtsey to GabLeRoux

Upvotes: 0

Daniel V&#233;rit&#233;
Daniel V&#233;rit&#233;

Reputation: 61656

The error happens because you're trying to launch PostgreSQL as your own unpriviledged user, and it's not meant to run like that.

Ubuntu provides PostgreSQL packaged in a way that it should be launched with:

 $ sudo /etc/init.d/postgresql start
 #   or
 $ sudo service postgresql start

or for finer-grained control with pg_ctlcluster, see http://manpages.ubuntu.com/manpages/trusty/man8/pg_ctlcluster.8.html

Upvotes: 3

Related Questions