Date: Thu, 26 Apr 2012 12:01:28 +0200
From: napalm@squareownz.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Postgres suddenly can't access files in its /etc directory

On Thu, Apr 26, 2012 at 07:46:10AM +0200, J. Roeleveld wrote:
> On Mon, April 23, 2012 3:21 pm, napalm@squareownz.org wrote:
> > I'm unsure if I should be posting this to the -hardened mailing list as
> > I'm using the hardened profile but all of a sudden I'm getting a rather
> > strange error when trying to start postgres.
> >
> > # /etc/init.d/postgresql-9.1 start
> >  * Caching service dependencies ... [ ok ]
> >  * The following file(s) are not readable by 'postgres':
> >  * /etc/postgresql-9.1/postgresql.conf
> >  * /etc/postgresql-9.1/pg_ident.conf
> >  * /etc/postgresql-9.1/pg_hba.conf
> >  * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf'
> >  * ERROR: postgresql-9.1 failed to start
> >
> > That's what I'm getting when I attempt to start it and I don't seem to
> > have modified anything.
> >
> > Looking into the init script I can see it's doing su postgres -c "test -r
> > /etc/postgresql-9.1/pg_hba.conf" and the like but the output of:
> > su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail"
> > is fail... so I'm quite at a loss as to what could be going on here. All
> > of the files are owned by postgres, have the correct permissions (I ran
> > chmod 644 as it hinted) and it should be able to traverse to the directory
> > as everything has the execute bit from /etc onwards.
> >
> > Any tips?
>
> I don't have much experience with Hardened, but are you certain that any
> permissions (including ACLs) are set correctly for PostgreSQL to access
> all its files?
>
> Do you have "sec-policy/selinux-postgresql" installed? And did you
> re-emerge this after the update?
>
> --
> Joost
>

I got things working in the end by deleting everything to do with
postgres, re-emerging and then restoring from a backup (it's fine because
the database is only updated a few times a day).

Still totally confused as to what the issue was. I hadn't been fiddling
with permissions or anything at all, didn't even go near the postgres
config files and there was no update to postgres so I'm just at a loss.

I don't have sec-policy/selinux-postgresql installed, more using PaX and
GRSecurity than selinux on my current installation, doubt that would have
helped.

I'm a bit annoyed that I couldn't solve the issue without doing the sort
of "turn it off and on" approach but it has done the trick so I guess
that's that. I must have messed something up somewhere.

Any guess as to if PAM or a glibc update could have broken it? I wouldn't
have thought glibc but I'm a little clueless when it comes to PAM, then
again I tried emerging (without deleting everything) with USE="-pam" to no
avail.

Anyway thanks for the help everyone, sorry I can't give a better
diagnosis. I did check strace logs and everything, couldn't locate the
error. Blargh!

Cheers,
David
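
Added example, not part of the original message or of the Gentoo init script: a Python sketch that checks the "execute bit from /etc onwards" claim one path element at a time, reporting the first directory or file whose classic mode bits deny a given uid and group set. The function names, the `start` parameter and the temporary tree are assumptions made for illustration; ACLs and MAC layers such as grsecurity RBAC or SELinux are not evaluated, so a clean result here points the investigation at those layers or at `su`/PAM itself.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx bits of the single class the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, start="/"):
    """First element from start to path that mode bits deny to uid/gids, or None.
    ACLs and MAC layers (grsecurity RBAC, SELinux) are not evaluated."""
    if uid == 0:
        return None  # root is not limited by read/search mode bits
    start, target = os.path.realpath(start), os.path.realpath(path)
    chain = [start]
    for part in os.path.relpath(target, start).split(os.sep):
        if part != ".":
            chain.append(os.path.join(chain[-1], part))
    for node in chain:
        # Directories on the way need search (x = 1); the file itself needs read (r = 4).
        need, label = (4, "read") if node == target else (1, "search")
        if not class_bits(os.stat(node), uid, gids) & need:
            return node, label
    return None

def demo():
    """Constructed tree: pg_hba.conf is 0644 but its directory is first 0700, then 0755."""
    with tempfile.TemporaryDirectory() as root:
        conf_dir = os.path.join(root, "etc", "postgresql-9.1")
        os.makedirs(conf_dir)
        conf = os.path.join(conf_dir, "pg_hba.conf")
        open(conf, "w").close()
        for p, mode in ((root, 0o755), (os.path.dirname(conf_dir), 0o755), (conf, 0o644)):
            os.chmod(p, mode)
        st = os.stat(conf)
        uid, gids = st.st_uid + 1000, {st.st_gid + 1000}  # stand-in for a non-owner account
        os.chmod(conf_dir, 0o700)
        blocked = first_blocker(conf, uid, gids, start=root)
        os.chmod(conf_dir, 0o755)
        allowed = first_blocker(conf, uid, gids, start=root)
        return blocked, allowed

if __name__ == "__main__":
    print(demo())
```

On a live system the uid and group set for the service account can be taken from `pwd.getpwnam("postgres")` and `os.getgrouplist()`, with `start` left at its default of `/`.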