[pgpool-general: 3523] Re: Pgpool can't read pool_passwd

Camilo Flores camilo.ignacio at gmail.com
Tue Mar 17 06:50:57 JST 2015 

Hello Tatsuo,

Great to hear that! Thank you very much for fixing this and for this great
software.

Is there any way I can contribute back to the project?

Regards!

Camilo

2015-03-14 6:00 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:

> Hi Camilo,
>
> I have fixed the problem in the git HEAD. So the fix will appear in
> the next major release (a.k.a pgpool-II 3.5).
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
> > Hi Tatsuo,
> >
> > I think it's not a big problem but, as you say, I think it would be nice
> to
> > have this fixed someday.
> >
> > Thank you very much for the information and your time.
> >
> > Best regards,
> >
> > Camilo
> >
> > 2015-03-11 5:23 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> >
> >> Hello Camilo,
> >>
> >> Good question:-) Because pgpool main/child process does not modify the
> >> file, yes, the write permission is not necessary for the process. It's
> >> just because of sloppy implementation which shares the code between
> >> pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
> >> someday.
> >>
> >> Best regards,
> >> --
> >> Tatsuo Ishii
> >> SRA OSS, Inc. Japan
> >> English: http://www.sraoss.co.jp/index_en.php
> >> Japanese:http://www.sraoss.co.jp
> >>
> >> > Hello Tatsuo,
> >> >
> >> > Thank you very much, that did the trick! I think I was assuming that
> the
> >> > "open" message error on the log was only to read the file, not to
> write
> >> to
> >> > it.
> >> >
> >> > With the aim to contribute, may I ask why the process needs write
> >> > permission to pool_passwd file? I'm a little bit curious since in my
> mind
> >> > the less permissions a process needs the better and I just can't think
> >> why
> >> > should it need to write to that file.
> >> >
> >> > Thank you very much again for your help and kind response.
> >> >
> >> > Best regards,
> >> >
> >> > Camilo
> >> >
> >> >
> >> > 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> >> >
> >> >> You need write permission of pool_passwd for pgpool process.
> >> >>
> >> >> Best regards,
> >> >> --
> >> >> Tatsuo Ishii
> >> >> SRA OSS, Inc. Japan
> >> >> English: http://www.sraoss.co.jp/index_en.php
> >> >> Japanese:http://www.sraoss.co.jp
> >> >>
> >> >> > Hi all,
> >> >> >
> >> >> > I'm currently having trouble with md5 auth on my current
> >> configuration,
> >> >> and
> >> >> > having looked everywhere with no luck I'm now asking for some help.
> >> >> >
> >> >> > I was already able to use pgpool using "trust" auth mode on pgpool
> and
> >> >> > backends but when switching to md5 mode I'm unable to login as the
> >> >> > following error message appears:
> >> >> >
> >> >> > psql: ERROR:  "MD5" authentication with pgpool failed for user
> >> "postgres"
> >> >> >
> >> >> > Looking at pgpool logs I found the following interesting lines:
> >> >> >
> >> >> > (when booting pgpool):
> >> >> >
> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
> reason:
> >> >> > Permission denied
> >> >> >
> >> >> > (Later, when trying to connect):
> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
> reason:
> >> >> > Permission denied
> >> >> > pool_get_passwd: passwd_fd is NULL
> >> >> > "MD5" authentication with pgpool failed for user "postgres"
> >> >> >
> >> >> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
> >> >> everything
> >> >> > looked fine. Trying some brute-force I run pgpool as the root user
> and
> >> >> md5
> >> >> > auth works OK. Given this, I supposed the issue was with file
> >> permissions
> >> >> > but I checked pool_passwd and was readable by the postgres user,
> >> which is
> >> >> > whom own the pgpool process when md5 auth doesn't work (I'm running
> >> >> pgpool
> >> >> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I
> >> tried to
> >> >> > confirm again that the postgres user is able to read pool_passwd
> and
> >> >> doing
> >> >> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
> >> >> >
> >> >> > TL;DR: When running pgpool as root md5 auth works, when not, md5
> auth
> >> >> > doesn't and pgpool complains "permission_denied" to pool_passwd
> >> despite
> >> >> > having access to it.
> >> >> >
> >> >> > Could anyone tell me please if I am missing something? Is there a
> way
> >> to
> >> >> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
> >> >> > https://wiki.postgresql.org/wiki/Apt)
> >> >> >
> >> >> > Thanks!
> >> >> >
> >> >> > Camilo
> >> >>
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20150316/8ba93200/attachment-0001.html>

More information about the pgpool-general mailing list