Package: postgresql-common
Version: 25
Severity: grave
Justification: causes non-serious data loss
After upgrade from version 23 postgres-8.0 fails to start with:
=2D--8<---8<---
=46ATAL: unsichere Berechtigungen f=FCr private Schl=FCsseldatei =BB/var/l=
ib/postgresql/8.0/main/server.key=AB
DETAIL: Die Datei muss dem Datenbankbenutzer geh=F6ren und keine Berechtig=
ungen f=FCr =BBGruppe=AB oder =BBAndere=AB haben.
=2D--8<---8<---
I don't want to try it with other locale settings because I don't want
to loose more accounting data.
It sais "isecure permissions" and wants the file to be owned by the
database user an have maximum permissions of 0700.
Message-Id: <email address hidden> 1?q?Weing= E4rtner? = <email address hidden>
Date: Mon, 12 Sep 2005 22:46:14 +0200
From: Timo =?iso-8859-
To: "Debian Bug Tracking System" <email address hidden>
Subject: postgresql-common: Fails after upgrade because of too strict checking of permissions on SSL
key file
--nextPart23832 73.Tpv9PSYIfr "iso-8859- 1" Transfer- Encoding: quoted-printable Disposition: inline
Content-Type: text/plain;
charset=
Content-
Content-
Package: postgresql-common
Version: 25
Severity: grave
Justification: causes non-serious data loss
After upgrade from version 23 postgres-8.0 fails to start with:
=2D--8<---8<--- 8.0/main/ server. key=AB
=46ATAL: unsichere Berechtigungen f=FCr private Schl=FCsseldatei =BB/var/l=
ib/postgresql/
DETAIL: Die Datei muss dem Datenbankbenutzer geh=F6ren und keine Berechtig=
ungen f=FCr =BBGruppe=AB oder =BBAndere=AB haben.
=2D--8<---8<---
I don't want to try it with other locale settings because I don't want
to loose more accounting data.
It sais "isecure permissions" and wants the file to be owned by the
database user an have maximum permissions of 0700.
My permissions are:
=2D--8<---8<--- private/ server. tiwe.homelinux. org_key. pem exim:r- -
# file: etc/ssl/
# owner: root
# group: root
user::r--
user:postgres:r--
user:Debian-
group::---
mask::r--
other::---
=2D--8<---8<---
(The key file is made immutable to keep cupsys from changing
permissions)
If postgres thinks the file is insecure it could issue a warning, but
refusing to start is NOT OK.
=46inally I AM THE ADMIN and I know what I'm doing. I don't need any
program pretending to be more clever than me.
There was no warning to check permissions before upgrading, so I lost
accounting data (not serious, it costs me no money).
Timo Weing=E4rtner
=2D- System Information: 3Dde_DE@ euro (charmap= 3DISO-8859- 15)
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.2-swsusp2
Locale: LANG=3Dde_DE@euro, LC_CTYPE=
Versions of packages postgresql-common depends on:
ii adduser 3.67 Add and remove users and groups
Versions of packages postgresql-common recommends:
ii openssl 0.9.7e-3 Secure Socket Layer (SSL) bina=
ry a
=2D- no debconf information
--nextPart23832 73.Tpv9PSYIfr pgp-signature
Content-Type: application/
-----BEGIN PGP SIGNATURE-----
DJekdAAoJEEn74F OC+06t0aYH/ RXG5NixPnZuRjsX WLDPIObS 1oV4SW9MWYX/ Xi2bhhruUBDdheR gvq4jbxfSVptp7p gQjA2Bb DcPCz93SJJftikO SptkxXcK7LWl2i5 5KWauFlwpjAdOzj TVHQ Bd0N3ULXdG16jMj hZs661RI2b3ZvOU 3GVJ1HlGEw1BsLj l8+e tH57OTAkvx2Etxl ORFIYXXQcpeIi6U y5/5Wd9S8Dd3wyt e8SJO3WO/ vf FENsUi4O78Pb03v xpjpAzEaukpsXf+ LhzMCeoiAqJquet 5IE=
Version: GnuPG v1.4.1 (GNU/Linux)
iQEcBAABAgAGBQJ
udBROTgFr87009g
m55qG9roneV5C6n
CRzdq2JUmQ1lH5i
SrB+rmf/
QHwDEKv6xQhsxB4
=fOEE
-----END PGP SIGNATURE-----
--nextPart23832 73.Tpv9PSYIfr- -