I'm getting this error when I try to configure ssl with postgres:
Apr 23 13:12:47 pgmaster01 pg_ctl: FATAL: private key file "/etc/ssl/pgmaster01-key.pem" has group or world access
Apr 23 13:12:47 pgmaster01 pg_ctl: DETAIL: Permissions should be u=rw (0600) or less.
The actual permission is:
[centos@pgmaster01 ~]$ ls -l /etc/ssl/pgmaster01-key.pem
-r--r----- 1 root ssl-read 3243 Apr 23 00:00 /etc/ssl/pgmaster01-key.pem
The postgres user is part of the ssl-read group. This ssl key is shared with other software as well, so giving exclusive access to the postgres user is NOT an option.
I understand why postgres complains, but I'm pretty sure about what I'm doing here. How can I tell postgres to start anyway, even when it doesn't like those permissions?
I'm the admin here, it's up to me to decide to implement my security setup, not the software itself.
You should not share the private key you use for PostgreSQL with some other application.
If you know what you are doing and you are on Linux, you could cheat by setting the permissions that PostgreSQL requests and allowing other users access with Access Control Lists. This requires mounting the root file system with the acl mount option and using setfacl to set ACLs for additional users that are allowed access.
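
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of PostgreSQL: the hypothetical function pg_key_check applies the rule from the quoted DETAIL line (no group or world permission bits) to a key file before the server is restarted. It assumes GNU stat and tests only the mode bits that stat reports.

```shell
#!/bin/sh
# Added example: pre-flight check for a PostgreSQL SSL key file.
# Assumption: the server rejects any group or world permission bit,
# as the FATAL/DETAIL messages quoted in the question state.

# Print "ok" or the reason the key would be rejected.
# Returns 0 = acceptable, 1 = group/world access, 2 = not a regular file.
pg_key_check() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "not a regular file: $key"
        return 2
    fi
    # GNU stat: %a = octal mode, %U = owner, %G = group
    mode=$(stat -c '%a' "$key") || return 2
    owner=$(stat -c '%U:%G' "$key")
    # Keep only the group and world bits (octal 077) of the mode.
    extra=$(( 0$mode & 077 ))
    if [ "$extra" -ne 0 ]; then
        echo "group or world access: mode $mode owner $owner"
        return 1
    fi
    echo "ok: mode $mode owner $owner"
    return 0
}

# Constructed demo: a scratch file with the mode shown in the question
# (-r--r-----, i.e. 0440), then with the mode the DETAIL line asks for.
demo=$(mktemp)
chmod 0440 "$demo"; pg_key_check "$demo" || true
chmod 0600 "$demo"; pg_key_check "$demo" || true
rm -f "$demo"
```

On Linux, a file that carries named-user or named-group ACL entries reports the ACL mask in the group bits of its mode, so run the check again after any setfacl change.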