Postgres won't start after reboot

OS type and version Debian Linux 11
Webmin version 2.013
Usermin version 1.861
Virtualmin version 7.5
Theme version 20.13
Package updates All installed packages are up to date

First I get a message that a module is missing in webmin so did ‘click here’ to install.
Now I’m getting permission errors.
FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied

Postgres is pretty clear about permissions and mine seemed wrong.
-rwxr-x— 1 root root 5742 Feb 18 16:40 ssl-cert-snakeoil.pem

On Unix systems, the permissions on server.key must disallow any access to world or group; achieve this by the command chmod 0600 server.key. Alternatively, the file can be owned by root and have group read access (that is, 0640 permissions). That setup is intended for installations where certificate and key files are managed by the operating system. The user under which the PostgreSQL server runs should then be made a member of the group that has access to those certificate and key files.

root@main:/etc/ssl/certs# groups postgres

From /etc/groups
postgres : postgres ssl-cert

No combination of owners:groups or 0600 or 640 seem to help.

Can someone check their system and tell me how theirs is set?

It’s owned by root, but postgres doesn’t run as root. I don’t have any systems with postgres on them, but I would assume it would need to be owned by the postgres user (whatever user that is).

User is postgres. Tried postgres:postgres postgress:root and even tried some combinations with ssl-cert thrown in. Not what changed it. I have at least one active DB. Mailman with 388 users. I did a backup of everything before I rebooted so I might just try a re-install at this point and restore the db.

This makes no sense but I’ve spent enough time on it. I’ll wait and see if anyone else chimes in because the server isn’t really in full use right now and I’d like to try and avoid the re-install. Thanks for the reply.

This is what the key looks like:
-rwxr-x— 1 root ssl-cert 1704 Feb 18 16:40 ssl-cert-snakeoil.key

Tried those permissions and owners. Nope.

So, moved them to the postgres lib, changed owner to postgres and chmod 600 and it works. Not gonna worry too much about it right now I guess. Not sure WTF happened. It was this or no cert.

Where did ssl-cert come from? I don’t think I’ve ever seen that group on any of my systems.

Not sure when/where it is generated in the process. I don’t put too much to the VM I have running because it is on a private IP and that breaks some stuff. I did fire it up this morning and everything matches what I found on the server. So, mystery only grows.

root@test:~# ls -lath /etc/ssl/certs/ssl-cert-snakeoil.pem
-rw-r–r-- 1 root root 1.1K Jan 19 17:56 /etc/ssl/certs/ssl-cert-snakeoil.pem
root@test:~# ls -lath /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 1.7K Jan 19 17:56 /etc/ssl/private/ssl-cert-snakeoil.key

Same goes relevant /etc/groups entries. Yet, postgresql is running there.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.