On Thu, Apr 26, 2012 at 07:46:10AM +0200, J. Roeleveld wrote: > On Mon, April 23, 2012 3:21 pm, nap...@squareownz.org wrote: > > I'm unsure if I should be posting this to the -hardened mailing list as > > I'm using the hardened profile but all of a sudden I'm getting a rather > > strange error when trying to start postgres. > > > > # /etc/init.d/postgresql-9.1 start > > * Caching service dependencies ... [ > > ok ] > > * The following file(s) are not readable by 'postgres': > > * /etc/postgresql-9.1/postgresql.conf > > * /etc/postgresql-9.1/pg_ident.conf > > * /etc/postgresql-9.1/pg_hba.conf > > * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf' > > * ERROR: postgresql-9.1 failed to start > > > > That's what I'm getting when I attempt to start it and I don't seem to > > have modified anything. > > > > Looking into the init script I can see it's doing su postgres -c "test -r > > /etc/postgresql-9.1/pg_hba.conf" and the like but the output of: > > su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail" > > is fail... so I'm quite at a loss as to what could be going on here. All > > of the files are owned by postgres, have the correct permissions (I ran > > chmod 644 as it hinted) and it should be able to traverse to the directory > > as everything has the execute bit from /etc onwards. > > > > Any tips? > > I don't have much experience with Hardenened, but are you certain that any > permissions (including ACLs) are set correctly for PostgreSQL to access > all its files? > > Do you have "sec-policy/selinux-postgresql" installed? And did you > re-emerge this after the update? > > -- > Joost > I got things working in the end by deleting everything to do with postgres, re-emerging and then restoring from a backup (it's fine because the database is only updated a few times a day).
Still totally confused as to what the issue was. I hadn't been fiddling with permissions or anything at all, didn't even go near the postgres config files and there was no update to postgres so I'm just at a loss. I don't have sec-policy/selinux-postgresql installed, more using PaX and GRSecurity than selinux on my current installation, doubt that would have helped. I'm a bit annoyed that I couldn't solve the issue without doing the sort of "turn it off and on" approach but it has done the trick so I guess that's that. I must have messed something up somewhere. Any guess as to if PAM or a glibc update could have broken it? I wouldn't have thought glibc but I'm a little clueless when it comes to PAM, then again I tried emerging (without deleting everything) with USE="-pam" to no avail. Anyway thanks for the help everyone, sorry I can't give a better diagnosis. I did check strace logs and everything, couldn't locate the error. Blargh! Cheers, David
pgpjMS6LvrIlG.pgp
Description: PGP signature