[pgpool-general: 3508] Re: Pgpool can't read pool_passwd

Tatsuo Ishii ishii at postgresql.org
Wed Mar 11 17:23:36 JST 2015 

Hello Camilo,

Good question:-) Because pgpool main/child process does not modify the
file, yes, the write permission is not necessary for the process. It's
just because of sloppy implementation which shares the code between
pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
someday.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

> Hello Tatsuo,
> 
> Thank you very much, that did the trick! I think I was assuming that the
> "open" message error on the log was only to read the file, not to write to
> it.
> 
> With the aim to contribute, may I ask why the process needs write
> permission to pool_passwd file? I'm a little bit curious since in my mind
> the less permissions a process needs the better and I just can't think why
> should it need to write to that file.
> 
> Thank you very much again for your help and kind response.
> 
> Best regards,
> 
> Camilo
> 
> 
> 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> 
>> You need write permission of pool_passwd for pgpool process.
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>> > Hi all,
>> >
>> > I'm currently having trouble with md5 auth on my current configuration,
>> and
>> > having looked everywhere with no luck I'm now asking for some help.
>> >
>> > I was already able to use pgpool using "trust" auth mode on pgpool and
>> > backends but when switching to md5 mode I'm unable to login as the
>> > following error message appears:
>> >
>> > psql: ERROR:  "MD5" authentication with pgpool failed for user "postgres"
>> >
>> > Looking at pgpool logs I found the following interesting lines:
>> >
>> > (when booting pgpool):
>> >
>> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
>> > Permission denied
>> >
>> > (Later, when trying to connect):
>> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
>> > Permission denied
>> > pool_get_passwd: passwd_fd is NULL
>> > "MD5" authentication with pgpool failed for user "postgres"
>> >
>> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
>> everything
>> > looked fine. Trying some brute-force I run pgpool as the root user and
>> md5
>> > auth works OK. Given this, I supposed the issue was with file permissions
>> > but I checked pool_passwd and was readable by the postgres user, which is
>> > whom own the pgpool process when md5 auth doesn't work (I'm running
>> pgpool
>> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I tried to
>> > confirm again that the postgres user is able to read pool_passwd and
>> doing
>> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
>> >
>> > TL;DR: When running pgpool as root md5 auth works, when not, md5 auth
>> > doesn't and pgpool complains "permission_denied" to pool_passwd despite
>> > having access to it.
>> >
>> > Could anyone tell me please if I am missing something? Is there a way to
>> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
>> > https://wiki.postgresql.org/wiki/Apt)
>> >
>> > Thanks!
>> >
>> > Camilo
>>

More information about the pgpool-general mailing list