致命：无法访问私钥文件“ /etc/ssl/private/ssl-cert-snakeoil.key”：权限被拒绝 [英] FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied

问题描述

我相信我最终在/ etc / ssl目录树中混淆了权限，因为最后一次修改是在11月18日，也就是我无法使PostgreSQL工作的第二天。

I believe I ended up mixing up permissions at /etc/ssl directories tree as the last modification was made on 18th November and a day after I could not get my PostgreSQL to work.

当我键入

sudo服务postgresql启动

sudo service postgresql start

我得到

致命：无法访问私钥文件 /etc/ssl/private/ssl-cert-snakeoil.key：权限被拒绝

FATAL: could not access private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied

检查权限

〜$ sudo -i

〜$ ls -la / etc / ssl / private

drw-r- ---- 2 root ssl-cert 4096 11月18日21:10。

-rwxrwxrwx 1 postgres postgres 1704 Set 4 11:26 ssl-cert-snakeoil.key

~$ sudo -i
~$ ls -la /etc/ssl/private
drw-r----- 2 root ssl-cert 4096 Nov 18 21:10 .
-rwxrwxrwx 1 postgres postgres 1704 Set 4 11:26 ssl-cert-snakeoil.key

检查组组成

〜$ id postgres

uid = 114（postgres）gid = 127（postgres）组= 127（postgres），114（ssl-cert）

~$ id postgres
uid=114(postgres) gid=127(postgres) groups=127(postgres),114(ssl-cert)

我也注意到/ etc / ssl / certs /中的ssl-cert-snakeoil.pem文件没有符号链接。我不知道这有什么不同...

Also I noticed that my ssl-cert-snakeoil.pem file at /etc/ssl/certs/ doesn't have a symlink. I don't know if this makes any difference...

请帮我解决这个问题。

Please, help me sort this out.

谢谢。

编辑：应该将其发布在 serverfault 上吗？

Should it be posted on serverfault instead?

推荐答案

尝试将 postgres 用户添加到组 ssl-cert

运行以下代码可修复上述问题并修复权限

Run the below code to fix the above and fixing the permissions

# > It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
sudo gpasswd -a postgres ssl-cert

# Fixed ownership and mode
sudo chown root:ssl-cert  /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 740 /etc/ssl/private/ssl-cert-snakeoil.key

# now postgresql starts! (and install command doesn't fail anymore)
sudo /etc/init.d/postgresql start

库特西到GabLeRoux

courtsey to GabLeRoux

这篇关于致命：无法访问私钥文件“ /etc/ssl/private/ssl-cert-snakeoil.key”：权限被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！