Package: postgresql-common Version: 30 Severity: wishlist Hi, I tried to change /etc/postgresql-common/postgresql.pem's permissions to:
-rw-r----- 1 root postgres 887 2005-11-28 18:12 postgresql.pem which seems safer to me (a succesful attacker won't be able to change the key file), and after trying to start the server: estia:0:~# invoke-rc.d postgresql-8.0 start Starting PostgreSQL 8.0 database server: mainThe PostgreSQL server failed to start. Please check the log output: FATAL: unsafe permissions on private key file "/var/lib/postgresql/8.0/main/server.key" DETAIL: File must be owned by the database user and must have no permissions for "group" or "other". failed! As a sidenote, postgresql.pem's permissions should really be: -rw------- 1 root root 887 2005-11-28 18:12 postgresql.pem and PostgreSQL should open the file as root and then setuid to postgresql. I suggest at least the 1st solution be made default (if the 2nd is too difficult/time-consuming to implement). Many thanks for your work! Cheers, Antonio PS: Shouldn't the initscript return a non-zero exit code if it fails? -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (700, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.13-1-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages postgresql-common depends on: ii adduser 3.77 Add and remove users and groups Versions of packages postgresql-common recommends: ii openssl 0.9.8a-3 Secure Socket Layer (SSL) binary a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
