[pgpool-general: 3545] Re: Pgpool can't read pool_passwd

Tatsuo Ishii ishii at postgresql.org
Wed Mar 18 14:32:14 JST 2015 

Thank you for the question. There are many ways:-)

- Sending patches to improve/fix pgpool-II. This is not necessarily
  limited to the program code. Patches for documentations are also
  welcome.

- Publishing case studies using pgpool-II. This will encourage users
  those wish to use pgpool-II in their projects.

- SRA OSS, the company I'm working for, is sponsoring the budget for
  developer's working time. So buying their services definitely help
  them. Or you could pay some amount of money requesting particular
  fix/enhancement of pgpool-II.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

From: Camilo Flores <camilo.ignacio at gmail.com>
Subject: Re: [pgpool-general: 3505] Pgpool can't read pool_passwd
Date: Mon, 16 Mar 2015 18:50:57 -0300
Message-ID: <CAP8ijCUCyxPCy_Eeh_G_cpZL=Nv3omMJki5U8Jc_Dg9yDnmdwQ at mail.gmail.com>

> Hello Tatsuo,
> 
> Great to hear that! Thank you very much for fixing this and for this great
> software.
> 
> Is there any way I can contribute back to the project?
> 
> Regards!
> 
> Camilo
> 
> 2015-03-14 6:00 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
> 
>> Hi Camilo,
>>
>> I have fixed the problem in the git HEAD. So the fix will appear in
>> the next major release (a.k.a pgpool-II 3.5).
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>> > Hi Tatsuo,
>> >
>> > I think it's not a big problem but, as you say, I think it would be nice
>> to
>> > have this fixed someday.
>> >
>> > Thank you very much for the information and your time.
>> >
>> > Best regards,
>> >
>> > Camilo
>> >
>> > 2015-03-11 5:23 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>> >
>> >> Hello Camilo,
>> >>
>> >> Good question:-) Because pgpool main/child process does not modify the
>> >> file, yes, the write permission is not necessary for the process. It's
>> >> just because of sloppy implementation which shares the code between
>> >> pgpool and pg_md5 (pg_md5 needs write privilege). We should fix it
>> >> someday.
>> >>
>> >> Best regards,
>> >> --
>> >> Tatsuo Ishii
>> >> SRA OSS, Inc. Japan
>> >> English: http://www.sraoss.co.jp/index_en.php
>> >> Japanese:http://www.sraoss.co.jp
>> >>
>> >> > Hello Tatsuo,
>> >> >
>> >> > Thank you very much, that did the trick! I think I was assuming that
>> the
>> >> > "open" message error on the log was only to read the file, not to
>> write
>> >> to
>> >> > it.
>> >> >
>> >> > With the aim to contribute, may I ask why the process needs write
>> >> > permission to pool_passwd file? I'm a little bit curious since in my
>> mind
>> >> > the less permissions a process needs the better and I just can't think
>> >> why
>> >> > should it need to write to that file.
>> >> >
>> >> > Thank you very much again for your help and kind response.
>> >> >
>> >> > Best regards,
>> >> >
>> >> > Camilo
>> >> >
>> >> >
>> >> > 2015-03-10 19:31 GMT-03:00 Tatsuo Ishii <ishii at postgresql.org>:
>> >> >
>> >> >> You need write permission of pool_passwd for pgpool process.
>> >> >>
>> >> >> Best regards,
>> >> >> --
>> >> >> Tatsuo Ishii
>> >> >> SRA OSS, Inc. Japan
>> >> >> English: http://www.sraoss.co.jp/index_en.php
>> >> >> Japanese:http://www.sraoss.co.jp
>> >> >>
>> >> >> > Hi all,
>> >> >> >
>> >> >> > I'm currently having trouble with md5 auth on my current
>> >> configuration,
>> >> >> and
>> >> >> > having looked everywhere with no luck I'm now asking for some help.
>> >> >> >
>> >> >> > I was already able to use pgpool using "trust" auth mode on pgpool
>> and
>> >> >> > backends but when switching to md5 mode I'm unable to login as the
>> >> >> > following error message appears:
>> >> >> >
>> >> >> > psql: ERROR:  "MD5" authentication with pgpool failed for user
>> >> "postgres"
>> >> >> >
>> >> >> > Looking at pgpool logs I found the following interesting lines:
>> >> >> >
>> >> >> > (when booting pgpool):
>> >> >> >
>> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
>> reason:
>> >> >> > Permission denied
>> >> >> >
>> >> >> > (Later, when trying to connect):
>> >> >> > pool_init_pool_passwd: couldn't open /etc/pgpool2/pool_passwd.
>> reason:
>> >> >> > Permission denied
>> >> >> > pool_get_passwd: passwd_fd is NULL
>> >> >> > "MD5" authentication with pgpool failed for user "postgres"
>> >> >> >
>> >> >> > I double checked pgpool.cong, pool_hba.conf and pool_passwd and
>> >> >> everything
>> >> >> > looked fine. Trying some brute-force I run pgpool as the root user
>> and
>> >> >> md5
>> >> >> > auth works OK. Given this, I supposed the issue was with file
>> >> permissions
>> >> >> > but I checked pool_passwd and was readable by the postgres user,
>> >> which is
>> >> >> > whom own the pgpool process when md5 auth doesn't work (I'm running
>> >> >> pgpool
>> >> >> > as a "service" on Debian wheezy via /etc/init.d/pgpool start). I
>> >> tried to
>> >> >> > confirm again that the postgres user is able to read pool_passwd
>> and
>> >> >> doing
>> >> >> > a "sudo su -c 'cat /etc/pgpool2/pool_passwd' postgres" works ok.
>> >> >> >
>> >> >> > TL;DR: When running pgpool as root md5 auth works, when not, md5
>> auth
>> >> >> > doesn't and pgpool complains "permission_denied" to pool_passwd
>> >> despite
>> >> >> > having access to it.
>> >> >> >
>> >> >> > Could anyone tell me please if I am missing something? Is there a
>> way
>> >> to
>> >> >> > debug this? BTW I'm using pgpool provided by pgdg apt repository (
>> >> >> > https://wiki.postgresql.org/wiki/Apt)
>> >> >> >
>> >> >> > Thanks!
>> >> >> >
>> >> >> > Camilo
>> >> >>
>> >>
>>

More information about the pgpool-general mailing list