Ubuntu
ssl-cert package

Bug #225125
Comment #2

Comment 2 for bug 225125

Revision history for this message

Lukasz (lmakowsk) wrote on 2008-05-13: Re: postgresql problem with server.key permissions

It seems that after installing Alpha4 *almost* everything was alright. I am certain that I was not meddling with /etc/ssl/private/ssl-cert-snakeoil.key before the problem occured.

As far as I remember (or just guessing) the problem was due to 644 value of rights set. Owner and group were OK.

Now I have: -rw-r----- 1 root ssl-cert 891 2008-02-27 22:02 ssl-cert-snakeoil.key and psql works.
On another box I installed final version of 8.04, tons of software and ssl*key is OK.

Below is excerpt from postgresql.log on my machine, unfortunately with l10n.
2008-04-20 09:08:11 CEST DZIENNIK: could not load root certificate file "root.crt": no SSL error reported
2008-04-20 09:08:11 CEST SZCZEGÓŁY: Will not verify client certificates.
2008-04-20 09:08:11 CEST DZIENNIK: system bazodanowy został zamknięty o 2008-04-20 01:34:08 CEST /* was shoot down */
2008-04-20 09:08:11 CEST DZIENNIK: autovacuum launcher started
2008-04-20 09:08:11 CEST DZIENNIK: database system is ready to accept connections
2008-04-20 09:08:11 CEST DZIENNIK: incomplete startup packet
2008-04-20 11:39:33 CEST DZIENNIK: incomplete startup packet
2008-04-20 11:39:33 CEST DZIENNIK: received fast shutdown request
2008-04-20 11:39:33 CEST DZIENNIK: aborting any active transactions
2008-04-20 11:39:33 CEST DZIENNIK: autovacuum launcher shutting down
2008-04-20 11:39:33 CEST DZIENNIK: zamykanie /* shutting down */
2008-04-20 11:39:33 CEST DZIENNIK: system bazodanowy jest zamknięty /* database system is closed */
2008-04-20 11:41:36 CEST KATASTROFALNY: unsafe permissions on private key file "server.key"
2008-04-20 11:41:36 CEST SZCZEGÓŁY: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
2008-04-20 18:39:06 CEST KATASTROFALNY: unsafe permissions on private key file "server.key"
2008-04-20 18:39:06 CEST SZCZEGÓŁY: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".

grep '04-20.* installed ' dpkg.log
2008-04-20 10:09:18 status installed libartsc0 1.5.9-0ubuntu2
2008-04-20 10:09:18 status installed libaudio2 1.9.1-1
2008-04-20 10:09:18 status installed libdvdnav4 0.1.10-0.2
2008-04-20 10:09:18 status installed libenca0 1.9-4
2008-04-20 10:09:18 status installed libgii1-target-x 1:1.0.1-3
2008-04-20 10:09:18 status installed libgii1 1:1.0.1-3
2008-04-20 10:09:18 status installed libggi2 1:2.2.1-5ubuntu1
2008-04-20 10:09:18 status installed libggi-target-x 1:2.2.1-5ubuntu1
2008-04-20 10:09:18 status installed libsvga1 1:1.4.3-24
2008-04-20 10:09:18 status installed mplayer-skins 2-7
2008-04-20 10:09:19 status installed mplayer 2:1.0~rc2-0ubuntu13
2008-04-20 10:09:19 status installed libc6 2.7-10ubuntu3

Reboot was about an hour after upgrade. Output from "last" for interesting time:
reboot system boot 2.6.24-16-generi Sun Apr 20 11:41 - 16:47 (05:05)
reboot system boot 2.6.24-16-generi Sun Apr 20 09:08 - 11:39 (02:31)

It seems that after installing Alpha4 *almost* everything was alright. I am certain that I was not meddling with /etc/ssl/private/ssl-cert-snakeoil.key before the problem occured.

As far as I remember (or just guessing) the problem was due to 644 value of rights set. Owner and group were OK.

Now I have: -rw-r----- 1 root ssl-cert  891 2008-02-27 22:02 ssl-cert-snakeoil.key and psql works.
On another box I installed final version of 8.04, tons of software and ssl*key is OK.

Below is excerpt from postgresql.log on my machine, unfortunately with l10n.
2008-04-20 09:08:11 CEST DZIENNIK:  could not load root certificate file "root.crt": no SSL error reported
2008-04-20 09:08:11 CEST SZCZEGÓŁY:  Will not verify client certificates.
2008-04-20 09:08:11 CEST DZIENNIK:  system bazodanowy został zamknięty o 2008-04-20 01:34:08 CEST   /* was shoot down */
2008-04-20 09:08:11 CEST DZIENNIK:  autovacuum launcher started
2008-04-20 09:08:11 CEST DZIENNIK:  database system is ready to accept connections
2008-04-20 09:08:11 CEST DZIENNIK:  incomplete startup packet
2008-04-20 11:39:33 CEST DZIENNIK:  incomplete startup packet
2008-04-20 11:39:33 CEST DZIENNIK:  received fast shutdown request
2008-04-20 11:39:33 CEST DZIENNIK:  aborting any active transactions
2008-04-20 11:39:33 CEST DZIENNIK:  autovacuum launcher shutting down
2008-04-20 11:39:33 CEST DZIENNIK:  zamykanie  /* shutting down */
2008-04-20 11:39:33 CEST DZIENNIK:  system bazodanowy jest zamknięty /* database system is closed */
2008-04-20 11:41:36 CEST KATASTROFALNY:  unsafe permissions on private key file "server.key"
2008-04-20 11:41:36 CEST SZCZEGÓŁY:  File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
2008-04-20 18:39:06 CEST KATASTROFALNY:  unsafe permissions on private key file "server.key"
2008-04-20 18:39:06 CEST SZCZEGÓŁY:  File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".

Reboot was about an hour after upgrade. Output from "last" for interesting time:
reboot   system boot  2.6.24-16-generi Sun Apr 20 11:41 - 16:47  (05:05)  
reboot   system boot  2.6.24-16-generi Sun Apr 20 09:08 - 11:39  (02:31)

Ubuntussl-cert package

Comment 2 for bug 225125

Ubuntu
ssl-cert package