[pgpool-general: 3507] Re: Pgpool can't read pool_passwd

[Camilo Flores]

Hello Tatsuo,

Thank you very much, that did the trick! I think I was assuming that the
"open" message error on the log was only to read the file, not to write to
it.

With the aim to contribute, may I ask why the process needs write
permission to pool_passwd file? I'm a little bit curious since in my mind
the less permissions a process needs the better and I just can't think why
should it need to write to that file.

Thank you very much again for your help and kind response.

Best regards,

Camilo


2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:

> You need write permission of pool_passwd for pgpool process.
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
> > Hi all,
> >
> > I'm currently having trouble with md5 auth on my current configuration,
> and
> > having looked everywhere with no luck I'm now asking for some help.
> >
> > I was already able to use pgpool using "trust" auth mode on pgpool and
> > backends but when switching to md5 mode I'm unable to login as the
> > following error message appears:
> >
> > psql: ERROR:  "MD5" authentication with pgpool failed for user "postgres"
> >
> > Looking at pgpool logs I found the following interesting lines:
> >
> > (when booting pgpool):
> >
> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
> > Permission denied
> >
> > (Later, when trying to connect):
> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
> > Permission denied
> > pool_get_passwd: passwd_fd is NULL
> > "MD5" authentication with pgpool failed for user "postgres"
> >
> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
> everything
> > looked fine. Trying some brute-force I run pgpool as the root user and
> md5
> > auth works OK. Given this, I supposed the issue was with file permissions
> > but I checked pool_passwd and was readable by the postgres user, which is
> > whom own the pgpool process when md5 auth doesn't work (I'm running
> pgpool
> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I tried to
> > confirm again that the postgres user is able to read pool_passwd and
> doing
> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
> >
> > TL;DR: When running pgpool as root md5 auth works, when not, md5 auth
> > doesn't and pgpool complains "permission_denied" to pool_passwd despite
> > having access to it.
> >
> > Could anyone tell me please if I am missing something? Is there a way to
> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
> > https://wiki.postgresql.org/wiki/Apt)
> >
> > Thanks!
> >
> > Camilo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20150310/d12f8e68/attachment.html>