From: "J. Roeleveld" <joost@antarean.org>
To: gentoo-user@lists.gentoo.org
Date: Thu, 26 Apr 2012 07:46:10 +0200
Subject: Re: [gentoo-user] Postgres suddenly can't access files in its /etc directory

On Mon, April 23, 2012 3:21 pm, napalm@squareownz.org wrote:
> I'm unsure if I should be posting this to the -hardened mailing list as
> I'm using the hardened profile but all of a sudden I'm getting a rather
> strange error when trying to start postgres.
>
> # /etc/init.d/postgresql-9.1 start
>  * Caching service dependencies ...                              [ ok ]
>  * The following file(s) are not readable by 'postgres':
>  *     /etc/postgresql-9.1/postgresql.conf
>  *     /etc/postgresql-9.1/pg_ident.conf
>  *     /etc/postgresql-9.1/pg_hba.conf
>  * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf'
>  * ERROR: postgresql-9.1 failed to start
>
> That's what I'm getting when I attempt to start it and I don't seem to
> have modified anything.
>
> Looking into the init script I can see it's doing su postgres -c "test -r
> /etc/postgresql-9.1/pg_hba.conf" and the like but the output of:
> su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail"
> is fail... so I'm quite at a loss as to what could be going on here. All
> of the files are owned by postgres, have the correct permissions (I ran
> chmod 644 as it hinted) and it should be able to traverse to the directory
> as everything has the execute bit from /etc onwards.
>
> Any tips?

I don't have much experience with Hardened, but are you certain that any
permissions (including ACLs) are set correctly for PostgreSQL to access
all its files?

Do you have "sec-policy/selinux-postgresql" installed? And did you
re-emerge this after the update?

--
Joost
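
The thread turns on a `test -r` that fails although the mode bits look correct, which is why the reply asks about ACLs and the SELinux policy package. As an added example (not part of the thread and not the Gentoo init script), this script evaluates only the classic owner/group/other mode bits for a user along every path component, so that a remaining failure can be attributed to an ACL or to the hardened/SELinux policy. The function names `mode_allows` and `dac_walk` are hypothetical; it assumes GNU `stat` and an absolute path.

```sh
#!/bin/sh
# Added example. Evaluates classic mode bits only: no ACLs, no MAC policy,
# and no root override. Assumes GNU stat and an absolute path.

# mode_allows MODE OWNER GROUP USER "USER_GROUPS" BIT   (BIT: 4 = read, 1 = execute)
mode_allows() {
    m=$(( 0$1 ))                                  # stat prints octal, e.g. 644
    if [ "$4" = "$2" ]; then
        cls=$(( (m >> 6) & 7 ))                   # owner class, checked first
    else
        case " $5 " in
            *" $3 "*) cls=$(( (m >> 3) & 7 )) ;;  # group class
            *)        cls=$(( m & 7 )) ;;         # other class
        esac
    fi
    [ $(( cls & $6 )) -ne 0 ]
}

# dac_walk USER FILE: the file needs r, every parent directory needs x.
# Returns 0 = mode bits allow, 1 = mode bits deny, 2 = stat failed.
dac_walk() {
    user=$1; p=$2; bit=4; blocked=""
    ugroups=$(id -Gn "$user" 2>/dev/null) || ugroups=""
    while :; do
        info=$(stat -c '%a %U %G' "$p") || return 2
        set -- $info
        mode_allows "$1" "$2" "$3" "$user" "$ugroups" "$bit" || blocked=$p
        [ "$p" = "/" ] && break
        p=$(dirname "$p"); bit=1
    done
    if [ -n "$blocked" ]; then
        echo "mode bits deny $user at: $blocked"
        return 1
    fi
    echo "mode bits allow $user: look at ACLs (getfacl) and MAC policy next"
}

# Run as: sh dac_walk.sh postgres /etc/postgresql-9.1/pg_hba.conf
if [ "$#" -eq 2 ]; then dac_walk "$1" "$2"; fi
```

If this reports that the mode bits allow access while `su postgres -c "test -r ..."` still fails, the denial is coming from a layer the mode bits do not describe.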