[pgpool-general: 3512] Re: Pgpool can't read pool_passwd

Sat Mar 14 18:00:35 JST 2015

Hi Camilo,

I have fixed the problem in the git HEAD. So the fix will appear in
the next major release (a.k.a pgpool-II 3.5).

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

> Hi Tatsuo,
> 
> I think it's not a big problem but, as you say, I think it would be nice to
> have this fixed someday.
> 
> Thank you very much for the information and your time.
> 
> Best regards,
> 
> Camilo
> 
> 2015-03-11 5:23 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> 
>> Hello Camilo,
>>
>> Good question:-) Because pgpool main/child process does not modify the
>> file, yes, the write permission is not necessary for the process. It's
>> just because of sloppy implementation which shares the code between
>> pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
>> someday.
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>> > Hello Tatsuo,
>> >
>> > Thank you very much, that did the trick! I think I was assuming that the
>> > "open" message error on the log was only to read the file, not to write
>> to
>> > it.
>> >
>> > With the aim to contribute, may I ask why the process needs write
>> > permission to pool_passwd file? I'm a little bit curious since in my mind
>> > the less permissions a process needs the better and I just can't think
>> why
>> > should it need to write to that file.
>> >
>> > Thank you very much again for your help and kind response.
>> >
>> > Best regards,
>> >
>> > Camilo
>> >
>> >
>> > 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>> >
>> >> You need write permission of pool_passwd for pgpool process.
>> >>
>> >> Best regards,
>> >> --
>> >> Tatsuo Ishii
>> >> SRA OSS, Inc. Japan
>> >> English: http://www.sraoss.co.jp/index_en.php
>> >> Japanese:http://www.sraoss.co.jp
>> >>
>> >> > Hi all,
>> >> >
>> >> > I'm currently having trouble with md5 auth on my current
>> configuration,
>> >> and
>> >> > having looked everywhere with no luck I'm now asking for some help.
>> >> >
>> >> > I was already able to use pgpool using "trust" auth mode on pgpool and
>> >> > backends but when switching to md5 mode I'm unable to login as the
>> >> > following error message appears:
>> >> >
>> >> > psql: ERROR:  "MD5" authentication with pgpool failed for user
>> "postgres"
>> >> >
>> >> > Looking at pgpool logs I found the following interesting lines:
>> >> >
>> >> > (when booting pgpool):
>> >> >
>> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
>> >> > Permission denied
>> >> >
>> >> > (Later, when trying to connect):
>> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd. reason:
>> >> > Permission denied
>> >> > pool_get_passwd: passwd_fd is NULL
>> >> > "MD5" authentication with pgpool failed for user "postgres"
>> >> >
>> >> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
>> >> everything
>> >> > looked fine. Trying some brute-force I run pgpool as the root user and
>> >> md5
>> >> > auth works OK. Given this, I supposed the issue was with file
>> permissions
>> >> > but I checked pool_passwd and was readable by the postgres user,
>> which is
>> >> > whom own the pgpool process when md5 auth doesn't work (I'm running
>> >> pgpool
>> >> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I
>> tried to
>> >> > confirm again that the postgres user is able to read pool_passwd and
>> >> doing
>> >> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
>> >> >
>> >> > TL;DR: When running pgpool as root md5 auth works, when not, md5 auth
>> >> > doesn't and pgpool complains "permission_denied" to pool_passwd
>> despite
>> >> > having access to it.
>> >> >
>> >> > Could anyone tell me please if I am missing something? Is there a way
>> to
>> >> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
>> >> > https://wiki.postgresql.org/wiki/Apt)
>> >> >
>> >> > Thanks!
>> >> >
>> >> > Camilo
>> >>
>>