[pgpool-general: 3509] Re: Pgpool can't read pool_passwd

Wed Mar 11 20:42:04 JST 2015

Hi Tatsuo,

I think it's not a big problem but, as you say, I think it would be nice to
have this fixed someday.

Thank you very much for the information and your time.

Best regards,

Camilo

2015-03-11 5:23 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:

> Hello Camilo,
>
> Good question:-) Because pgpool main/child process does not modify the
> file, yes, the write permission is not necessary for the process. It's
> just because of sloppy implementation which shares the code between
> pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
> someday.
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
> > Hello Tatsuo,
> >
> > Thank you very much, that did the trick! I think I was assuming that the
> > "open" message error on the log was only to read the file, not to write
> to
> > it.
> >
> > With the aim to contribute, may I ask why the process needs write
> > permission to pool_passwd file? I'm a little bit curious since in my mind
> > the less permissions a process needs the better and I just can't think
> why
> > should it need to write to that file.
> >
> > Thank you very much again for your help and kind response.
> >
> > Best regards,
> >
> > Camilo
> >
> >
> > 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> >
> >> You need write permission of pool_passwd for pgpool process.
> >>
> >> Best regards,
> >> --
> >> Tatsuo Ishii
> >> SRA OSS, Inc. Japan
> >> English: http://www.sraoss.co.jp/index_en.php
> >> Japanese:http://www.sraoss.co.jp
> >>
> >> > Hi all,
> >> >
> >> > I'm currently having trouble with md5 auth on my current
> configuration,
> >> and
> >> > having looked everywhere with no luck I'm now asking for some help.
> >> >
> >> > I was already able to use pgpool using "trust" auth mode on pgpool and
> >> > backends but when switching to md5 mode I'm unable to login as the
> >> > following error message appears:
> >> >
> >> > psql: ERROR:  "MD5" authentication with pgpool failed for user
> "postgres"
> >> >
> >> > Looking at pgpool logs I found the following interesting lines:
> >> >
> >> > (when booting pgpool):
> >> >
> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
> >> > Permission denied
> >> >
> >> > (Later, when trying to connect):
> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
> >> > Permission denied
> >> > pool_get_passwd: passwd_fd is NULL
> >> > "MD5" authentication with pgpool failed for user "postgres"
> >> >
> >> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
> >> everything
> >> > looked fine. Trying some brute-force I run pgpool as the root user and
> >> md5
> >> > auth works OK. Given this, I supposed the issue was with file
> permissions
> >> > but I checked pool_passwd and was readable by the postgres user,
> which is
> >> > whom own the pgpool process when md5 auth doesn't work (I'm running
> >> pgpool
> >> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I
> tried to
> >> > confirm again that the postgres user is able to read pool_passwd and
> >> doing
> >> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
> >> >
> >> > TL;DR: When running pgpool as root md5 auth works, when not, md5 auth
> >> > doesn't and pgpool complains "permission_denied" to pool_passwd
> despite
> >> > having access to it.
> >> >
> >> > Could anyone tell me please if I am missing something? Is there a way
> to
> >> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
> >> > https://wiki.postgresql.org/wiki/Apt)
> >> >
> >> > Thanks!
> >> >
> >> > Camilo
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20150311/f4846264/attachment.html>