[Postgres]postgresql.conf : Permission denied處理一法

使用yum安裝完postgresql，沒有使用默認的DATA地址，自己配置了DATA地址以后，使用root權限啟動service

service postgresql start

，報出了"FAILED"

不解，檢查Log文件 /var/lib/pgsql/pgstartup.log. 發現如下記錄

postmaster cannot access the server configuration file

"/var/lib/pgsql/data/postgresql.conf": Permission denied

於是檢查postgres用戶的文件權限，沒有明顯的問題，可讀可寫（忘了好像是700），於是上網一查，基本懷疑問題在SELinux上

先檢查SELinux狀態

# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /selinux

Current mode:                   enforcing

Mode from config file:          enforcing

Policy version:                 21

Policy from config file:        targeted

 

果然是運行狀態，並且還是在"enforcing"模式，檢查SELinux的Log(大部分情況在/var/log/audit/，有時也會被配置到/var/log/messages)

# grep postgres /var/log/audit/audit.log | grep denied | tail -1

 

type=AVC msg=audit(1234567890.334:432): avc:  denied  { read } for

pid=1234 comm="postmaster" name="pgsql" dev=newpgdisk ino=403123 

scontext=user_u:system_r:postgresql_t:s0

tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file

有一條拒絕記錄！就這玩意干的。

這里說個最簡單干脆的方法，停用SELinux.

編輯/etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

 

將SELINUX=enforcing 改成 SELINUX=permissive或者SELINUX=disabled，重啟系統

再次啟動postgresql，問題解決

可參考:http://blog.endpoint.com/2009/09/permission-denied-for-postgresqlconf.html

http://www.crypt.gen.nz/selinux/disable_selinux.html

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html