[pgpool-general: 3545] Re: Pgpool can't read pool_passwd
Tatsuo Ishii
ishii at postgresql.org
Wed Mar 18 14:32:14 JST 2015
Thank you for the question. There are many ways:-)
- Sending patches to improve/fix pgpool-II. This is not necessarily
limited to the program code. Patches for documentations are also
welcome.
- Publishing case studies using pgpool-II. This will encourage users
those wish to use pgpool-II in their projects.
- SRA OSS, the company I'm working for, is sponsoring the budget for
developer's working time. So buying their services definitely help
them. Or you could pay some amount of money requesting particular
fix/enhancement of pgpool-II.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
From: Camilo Flores <camilo.ignacio at gmail.com>
Subject: Re: [pgpool-general: 3505] Pgpool can't read pool_passwd
Date: Mon, 16 Mar 2015 18:50:57 -0300
Message-ID: <CAP8ijCUCyxPCy_Eeh_G_cpZL=Nv3omMJki5U8Jc_Dg9yDnmdwQ at mail.gmail.com>
> Hello Tatsuo,
>
> Great to hear that! Thank you very much for fixing this and for this great
> software.
>
> Is there any way I can contribute back to the project?
>
> Regards!
>
> Camilo
>
> 2015-03-14 6:00 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>
>> Hi Camilo,
>>
>> I have fixed the problem in the git HEAD. So the fix will appear in
>> the next major release (a.k.a pgpool-II 3.5).
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>> > Hi Tatsuo,
>> >
>> > I think it's not a big problem but, as you say, I think it would be nice
>> to
>> > have this fixed someday.
>> >
>> > Thank you very much for the information and your time.
>> >
>> > Best regards,
>> >
>> > Camilo
>> >
>> > 2015-03-11 5:23 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>> >
>> >> Hello Camilo,
>> >>
>> >> Good question:-) Because pgpool main/child process does not modify the
>> >> file, yes, the write permission is not necessary for the process. It's
>> >> just because of sloppy implementation which shares the code between
>> >> pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
>> >> someday.
>> >>
>> >> Best regards,
>> >> --
>> >> Tatsuo Ishii
>> >> SRA OSS, Inc. Japan
>> >> English: http://www.sraoss.co.jp/index_en.php
>> >> Japanese:http://www.sraoss.co.jp
>> >>
>> >> > Hello Tatsuo,
>> >> >
>> >> > Thank you very much, that did the trick! I think I was assuming that
>> the
>> >> > "open" message error on the log was only to read the file, not to
>> write
>> >> to
>> >> > it.
>> >> >
>> >> > With the aim to contribute, may I ask why the process needs write
>> >> > permission to pool_passwd file? I'm a little bit curious since in my
>> mind
>> >> > the less permissions a process needs the better and I just can't think
>> >> why
>> >> > should it need to write to that file.
>> >> >
>> >> > Thank you very much again for your help and kind response.
>> >> >
>> >> > Best regards,
>> >> >
>> >> > Camilo
>> >> >
>> >> >
>> >> > 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>> >> >
>> >> >> You need write permission of pool_passwd for pgpool process.
>> >> >>
>> >> >> Best regards,
>> >> >> --
>> >> >> Tatsuo Ishii
>> >> >> SRA OSS, Inc. Japan
>> >> >> English: http://www.sraoss.co.jp/index_en.php
>> >> >> Japanese:http://www.sraoss.co.jp
>> >> >>
>> >> >> > Hi all,
>> >> >> >
>> >> >> > I'm currently having trouble with md5 auth on my current
>> >> configuration,
>> >> >> and
>> >> >> > having looked everywhere with no luck I'm now asking for some help.
>> >> >> >
>> >> >> > I was already able to use pgpool using "trust" auth mode on pgpool
>> and
>> >> >> > backends but when switching to md5 mode I'm unable to login as the
>> >> >> > following error message appears:
>> >> >> >
>> >> >> > psql: ERROR: "MD5" authentication with pgpool failed for user
>> >> "postgres"
>> >> >> >
>> >> >> > Looking at pgpool logs I found the following interesting lines:
>> >> >> >
>> >> >> > (when booting pgpool):
>> >> >> >
>> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
>> reason:
>> >> >> > Permission denied
>> >> >> >
>> >> >> > (Later, when trying to connect):
>> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
>> reason:
>> >> >> > Permission denied
>> >> >> > pool_get_passwd: passwd_fd is NULL
>> >> >> > "MD5" authentication with pgpool failed for user "postgres"
>> >> >> >
>> >> >> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
>> >> >> everything
>> >> >> > looked fine. Trying some brute-force I run pgpool as the root user
>> and
>> >> >> md5
>> >> >> > auth works OK. Given this, I supposed the issue was with file
>> >> permissions
>> >> >> > but I checked pool_passwd and was readable by the postgres user,
>> >> which is
>> >> >> > whom own the pgpool process when md5 auth doesn't work (I'm running
>> >> >> pgpool
>> >> >> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I
>> >> tried to
>> >> >> > confirm again that the postgres user is able to read pool_passwd
>> and
>> >> >> doing
>> >> >> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
>> >> >> >
>> >> >> > TL;DR: When running pgpool as root md5 auth works, when not, md5
>> auth
>> >> >> > doesn't and pgpool complains "permission_denied" to pool_passwd
>> >> despite
>> >> >> > having access to it.
>> >> >> >
>> >> >> > Could anyone tell me please if I am missing something? Is there a
>> way
>> >> to
>> >> >> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
>> >> >> > https://wiki.postgresql.org/wiki/Apt)
>> >> >> >
>> >> >> > Thanks!
>> >> >> >
>> >> >> > Camilo
>> >> >>
>> >>
>>
More information about the pgpool-general
mailing list