sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Wed Oct 30, 2002 4:47 pm Post subject: PostgreSQL and su problems |
|
|
I really need to be able to start PostgreSQL. Please help. Here is my story:
Wanted to initialize PostgreSQL so tried to , but did not work. Found the postgres user shell (along with a lot of others) to be /bin/false.
Question 1: What is the use of having a user in /etc/passwd if the shell is /bin/false?
So changed the shell to /bin/sh. Now I could and initialize PostgreSQL. But next I found that Postgresql does not start up on booting. So from root and tried to start PostgreSQL with | Code: | | /etc/init.d/postgres start | . But the PostgreSQL init.d script is and it needs to | Code: | | cat /mnt/.init.d/softlevel | which only root has permissions to. However, the PostgreSQL init script does so it cannot read | Code: | | /mnt/.init.d/softlevel | .
Question 2: How does one initialize PostgreSQL in Gentoo on boot?
Next tried to work from a regular user's account, who was in the postgres group. But because PostgreSQL was initialized by user postgres and the permissions on the PostgreSQL files were 700 this wasn't good enough.
Read the man page for suauth. Thought that maybe the user account could su to postgres and start PostgreSQL. So put the line | Code: | | postgres:mel:NOPASS | into /etc/suauth and tried from the mel account. But it asks me for a password.
Question 3: Why does suauth not work as documented?
Tried from the regular users account but permission to PostgreSQL files was denied. Found that I could start PostgreSQL by from root and then (PGDATA and PGUSER) are set in the postgres environment. However, the command | Code: | | su - postgres -c 'postmaster -i' | gives the error | Code: | | postmaster does not know where to find the database system data |
Question 4: Why do I not get the same environment with
| Code: | | su - postgres -c 'postmaster -i' |
as I do with
| Code: | su - postgres
postmaster -i | ?
Thank you for your assistance.
-- Michael |
 |
klieber Administrator


Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Wed Oct 30, 2002 5:14 pm Post subject: Re: PostgreSQL and su problems |
|
|
| sheepdog wrote: | | Question 1: What is the use of having a user in /etc/passwd if the shell is /bin/false? |
Because there is no need for that process to log on interactively (i.e. in a shell environment.)
| sheepdog wrote: | | Now I could and initialize PostgreSQL. |
Um...I've never used Postgres before, but unless it's wildly different than all other linux software I've ever touched, you don't need to su to that user. Just be logged in as root and type:
| Code: | | /etc/init.d/postgres start |
| sheepdog wrote: | | Question 2: How does one initialize PostgreSQL in Gentoo on boot? |
As root, do:
| Code: | | rc-update add postgres default |
| sheepdog wrote: | | Question 3: Why does suauth not work as documented? |
It does, but you may not be interpreting the documentation the right way. What do your auth logs say about the su attempt?
| sheepdog wrote: | Question 4: Why do I not get the same environment with
| Code: | | su - postgres -c 'postmaster -i' |
as I do with
| Code: | su - postgres
postmaster -i |
|
I haven't the slightest idea, but I can say that you're making things a whole lot harder than they need to be.
You do not need to be logged in as a user in order to start a process under that UID. That seems to be your biggest misunderstanding.
--kurt _________________ The problem with political jokes is that they get elected |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Wed Oct 30, 2002 5:32 pm Post subject: It is "wildly different". |
|
|
| Quote: | | Um...I've never used Postgres before, but unless it's wildly different than all other linux software I've ever touched, you don't need to su to that user. |
Kurt:
PostgreSQL does not allow root to start it, for security reasons. Please do a little more investigation before you assume someone is completely ignorant. The problem is that the /etc/init.d/postgresql script provided with the emerge leaves the system in a state in which PostgreSQL seems to have been started but the start actually failed, i.e., /mnt/.init.d/started/postgresql has a link but the database is actually not running.
-- Michael |
 |
klieber Administrator


Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Wed Oct 30, 2002 5:47 pm Post subject: Re: It is "wildly different". |
|
|
| sheepdog wrote: | | PostgreSQL does not allow root to start it, for security reasons. Please do a little more investigation before you assume someone is completely ignorant. |
As I mentioned, I hadn't ever used postgres before. However, with Apache, you can configure what user it runs under via the apache.conf file and do not have to be logged in as that user to start the httpd daemon.
As for whether or not I was assuming ignorance, may I suggest that you remove that chip from your shoulder as it seems to be impeding your vision.
--kurt _________________ The problem with political jokes is that they get elected |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Wed Oct 30, 2002 6:29 pm Post subject: Solution to Question 2 |
|
|
Discovered that the script environment for initialization scripts in /etc/init.d is read from files in /etc/conf.d. Thus updating the paths in the /etc/conf.d/postgresql file then provides the proper environment for PostgreSQL to initialize on boot.
Still curious about Questions 1, 3 and 4.
-- Michael
P.S. It may be of interest to others how this was discovered. Create a shell script containing
| Code: |
#!/sbin/runscript
echo test
|
and run it. The output has a wealth of information. At the bottom it lists the configuration files associated with this rc-script.
Last edited by sheepdog on Wed Oct 30, 2002 6:38 pm; edited 1 time in total |
 |
pjp Administrator


Joined: 16 Apr 2002 Posts: 15989 Location: Colorado
|
Posted: Wed Oct 30, 2002 6:37 pm Post subject: Re: PostgreSQL and su problems |
|
|
| klieber wrote: | | sheepdog wrote: | | Question 1: What is the use of having a user in /etc/passwd if the shell is /bin/false? |
Because there is no need for that process to log on interactively (i.e. in a shell environment.)
| sheepdog wrote: | | Question 3: Why does suauth not work as documented? |
It does, but you may not be interpreting the documentation the right way. What do your auth logs say about the su attempt? |
_________________ Safety is my gaol.
US Constitution | Amendments |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Wed Oct 30, 2002 6:43 pm Post subject: Re: PostgreSQL and su problems |
|
|
| kanuslupus wrote: | | klieber wrote: | | sheepdog wrote: | | Question 1: What is the use of having a user in /etc/passwd if the shell is /bin/false? |
Because there is no need for that process to log on interactively (i.e. in a shell environment.) |
O.k. So I put postgres back to /bin/false and tried to /etc/init.d/postgresql start and it failed. Put it back to /bin/sh and it works. Still not clear what use /bin/false is. Is there a good example of its purpose?
-- Michael |
 |
pjp Administrator


Joined: 16 Apr 2002 Posts: 15989 Location: Colorado
|
Posted: Wed Oct 30, 2002 7:07 pm Post subject: |
|
|
In general, that is its purpose. I didn't intend to imply that it did or didn't work with Postgres. Setting the shell to /bin/false prevents interactive logins. Mainly a security feature. _________________ Safety is my gaol.
US Constitution | Amendments |
 |
klieber Administrator


Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Wed Oct 30, 2002 7:12 pm Post subject: Re: PostgreSQL and su problems |
|
|
| sheepdog wrote: | | Still not clear what use /bin/false is. Is there a good example of its purpose? |
RTFM:
or
| The info page for false wrote: | `false': Do nothing, unsuccessfully
===================================
`false' does nothing except return an exit status of 1, meaning
"failure". It can be used as a place holder in shell scripts where an
unsuccessful command is needed.
By default, `false' honors the `--help' and `--version' options.
However, that is contrary to POSIX, so when the environment variable
`POSIXLY_CORRECT' is set, `false' ignores _all_ command line arguments,
including `--help' and `--version'.
This version of `false' is implemented as a C program, and is thus
more secure and faster than a shell script implementation, and may
safely be used as a dummy shell for the purpose of disabling accounts.
|
So, when you don't want a user to have interactive access on your machine, you substitute /bin/false for the shell. That allows processes to be run as that UID, but nobody can log on to a terminal using that UID.
--kurt _________________ The problem with political jokes is that they get elected |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Wed Oct 30, 2002 9:23 pm Post subject: Re: PostgreSQL and su problems |
|
|
| klieber wrote: | | That allows processes to be run as that UID, but nobody can log on to a terminal using that UID. |
I see. That makes it clear. Thank you, Kurt. Sorry if my previous remark gave offense.
-- Michael |
 |
zephyr n00b

Joined: 12 Sep 2002 Posts: 17
|
Posted: Thu Oct 31, 2002 2:15 pm Post subject: |
|
|
| I am also facing the same problem and would like to know how to get postgresql to start from boot. I have already done "rc-update add postgresql default", but it keeps failing. How was it designed to work? The documentation or Changelog does not mention anything. Any help would be greatly appreciated. |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Thu Oct 31, 2002 7:00 pm Post subject: |
|
|
| zephyr wrote: | | I am also facing the same problem and would like to know how to get postgresql to start from boot. I have already done "rc-update add postgresql default", but it keeps failing. How was it designed to work? The documentation or Changelog does not mention anything. Any help would be greatly appreciated. |
Can you su to postgres from root? If not then
| Code: | | usermod -s /home/postgres -m postgres |
Have you initialized PostgreSQL? The command would be something like
| Code: | | initdb -D /home/postgres/data |
The directory should exist first.
Have you modified /etc/conf.d/postgres to contain the correct paths for the newly inited database?
If you have done all of this then
| Code: | | /etc/init.d/postgresql start/stop |
should work.
Let me know if you need more help.
-- Michael |
 |
zephyr n00b

Joined: 12 Sep 2002 Posts: 17
|
Posted: Thu Oct 31, 2002 7:57 pm Post subject: |
|
|
| I can't su into postgres from root, my default shell for postgres is /sbin/false. Must I change it to something else? |
 |
sheepdog Guru

Joined: 14 Oct 2002 Posts: 369 Location: Edison Enterprises Inc., Lake Oswego, Oregon, USA
|
Posted: Thu Oct 31, 2002 8:32 pm Post subject: yes |
|
|
| zephyr wrote: | | I can't su into postgres from root, my default shell for postgres is /sbin/false. Must I change it to something else? |
Yes. Change it to /bin/bash with
| Code: | | usermod -s /bin/bash -m postgres |
-- Michael |
 |
ptheborg n00b


Joined: 27 Jun 2002 Posts: 67 Location: Rotterdam, The Netherlands
|
Posted: Fri Nov 01, 2002 11:28 am Post subject: |
|
|
Yeah, I ran into the same problem.......
But the only thing I did was manually simply removing /bin/false from the passwd file and creating a postgresql.log file in /var/log/ owned by postgres and its gid set.
Then everything worked.
But indeed very strange that the postgres process can't be started without suing to postgres......and therefore needs a shell.
In the /etc/init.d/postgresql file you can see the pg_ctl command is called via su - postgres.........so somehow it needs a shell.
Or am I completely wrong? _________________ Cheers
.NET is like a pet store written with gotos |
 |
bs n00b

Joined: 19 Sep 2002 Posts: 27 Location: Freiburg / Germany
|
Posted: Fri Nov 01, 2002 11:58 am Post subject: |
|
|
| ptheborg wrote: | Yeah, I ran into the same problem.......
But the only thing I did was manually simply removing /bin/false from the passwd file and creating a postgresql.log file in /var/log/ owned by postgres and its gid set.
Then everything worked.
But indeed very strange that the postgres process can't be started without suing to postgres......and therefore needs a shell.
In the /etc/init.d/postgresql file you can see the pg_ctl command is called via su - postgres.........so somehow it needs a shell.
Or am I completely wrong? |
I don't think you are wrong. /etc/init.d/postgresql starts postgres with su - $PGUSER -c "/usr/bin/pg_ctl start -D '$PGDATA' -s -l '$PGLOG' -o '$PGOPTS'". "man su" says
| Quote: | | ... In particular, an argument of -c will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in /etc/passwd for the target user... |
But /bin/false can't execute any command. |
 |
SergejGuru n00b

Joined: 01 Nov 2002 Posts: 1 Location: Slovenia
|
Posted: Fri Nov 01, 2002 2:40 pm Post subject: |
|
|
Here's a nice init script, taken from (online examples at Apress) one book "Linux for Small Business". Check that commands fit in one line or are continued OK if there's wrapping and check file locations of course (I'm a SuSE Linux webmaster and use very similar hand-made script - I've found the one below today). You might also change PostgreSQL version testing or simply comment/delete lines you don't understand or cause you problems but do keep the function structure.
| Code: | #! /bin/sh
# postgresql This is the init script for starting up the PostgreSQL
# server
#
# Customized by Hanifa Consulting, Ltd., for Linux in Small Business,
# a User's Guide, by John P. Lathrop.
#
# chkconfig: - 85 15
# description: Starts and stops the PostgreSQL backend daemon that handles \
# all database requests.
# processname: postmaster
# pidfile: /var/run/postmaster.pid
# Version 6.5.3-2 Lamar Owen
# Added code to determine if PGDATA exists, whether it is current version
# or not, and initdb if no PGDATA (initdb will not overwrite a database).
# Version 7.0 Lamar Owen
# Added logging code
# Changed PGDATA.
#
# Version 7.0.2 Trond Eivind Glomsrød <teg@redhat.com>
# use functions, add conditional restart
# Version 7.0.3 Lamar Owen <lamar@postgresql.org>
# Check for the existence of functions before blindly using them
# in particular -- check for success () and failure () before using.
# More Cross-distribution support -- PGVERSION variable, and docdir checks.
# Version 7.1 Release Candidate Lamar Owen <lamar@postgresql.org>
# initdb parameters have changed.
# Version 7.1.2 Trond Eivind Glomsrød <teg@redhat.com>
# Specify shell for su
# Handle stop better - kill unwanted output, make it wait until the database is ready
# Handle locales slightly differently - always using "C" isn't a valid option
# Kill output from database initialization
# Mark messages for translation
# Version 7.1.2-2.PGDG Lamar Owen <lamar.owen@wgcr.org>
# sync up.
# Karl's fixes for some quoting issues.
# PGVERSION is:
PGVERSION=7.1.3
# Source function library.
INITD=/etc/rc.d/init.d
. $INITD/functions
# Get function listing for cross-distribution logic.
TYPESET=`typeset -f|grep "declare"`
# Get config.
. /etc/sysconfig/network
# Check that networking is up.
# Pretty much need it for postmaster.
[ "${NETWORKING}" = "no" ] && exit 0
[ -f /usr/bin/postmaster ] || exit 0
start(){
PSQL_START=$"Starting postgresql service: "
# Check for older PGDATA location.
if [ -f /var/lib/pgsql/PG_VERSION ] && [ -d /var/lib/pgsql/base/template1 ]
then
export PGDATA=/var/lib/pgsql
else
export PGDATA=/var/lib/pgsql/data
fi
# Check for the PGDATA structure
if [ -f $PGDATA/PG_VERSION ] && [ -d $PGDATA/base ]
then
# Check version of existing PGDATA
if [ `cat $PGDATA/PG_VERSION` != '7.1' ]
then
SYSDOCDIR="(Your System's documentation directory)"
if [ -d /usr/doc/postgresql-$PGVERSION ]
then
SYSDOCDIR=/usr/doc
fi
if [ -d /usr/share/doc/postgresql-$PGVERSION ]
then
SYSDOCDIR=/usr/share/doc
fi
if [ -d /usr/doc/packages/postgresql-$PGVERSION ]
then
SYSDOCDIR=/usr/doc/packages
fi
if [ -d /usr/share/doc/packages/postgresql-$PGVERSION ]
then
SYSDOCDIR=/usr/share/doc/packages
fi
echo
echo $"An old version of the database format was found."
echo $"You need to upgrade the data format before using PostgreSQL."
echo $"See $SYSDOCDIR/postgresql-$PGVERSION/README.rpm-dist for more information."
exit 1
fi
# No existing PGDATA! Initdb it.
else
echo -n $"Initializing database: "
if [ ! -d $PGDATA ]
then
mkdir -p $PGDATA
chown postgres.postgres $PGDATA
fi
# Make sure the locale from the initdb is preserved for later startups...
[ -f /etc/sysconfig/i18n ] && cp /etc/sysconfig/i18n $PGDATA/../initdb.i18n
# Just in case no locale was set, use en_US
[ ! -f /etc/sysconfig/i18n ] && echo "LANG=en_US" > $PGDATA/../initdb.i18n
# Is expanded this early to be used in the command su runs
echo "export LANG LC_ALL LC_CTYPE LC_COLLATE LC_NUMERIC LC_CTYPE LC_TIME" >> $PGDATA/../initdb.i18n
# Initialize the database
su -l postgres -s /bin/sh -c "/usr/bin/initdb --pgdata=/var/lib/pgsql/data > /dev/null 2>&1" < /dev/null
[ -f $PGDATA/PG_VERSION ] && echo_success
[ ! -f $PGDATA/PG_VERSION ] && echo_failure
echo
fi
# Check for postmaster already running...
pid=`pidof -s postmaster`
if [ $pid ]
then
echo $"Postmaster already running."
else
#all systems go -- remove any stale lock files
rm -f /tmp/.s.PGSQL.* > /dev/null
echo -n "$PSQL_START"
su -l postgres -s /bin/sh -c "/usr/bin/pg_ctl -D $PGDATA -p /usr/bin/postmaster -o "-i" start > /dev/null 2>&1" < /dev/null
sleep 1
pid=`pidof -s postmaster`
if [ $pid ]
then
if echo "$TYPESET"|grep "declare -f success ()" >/dev/null
then
success "$PSQL_START"
else
echo " [ OK ]"
fi
touch /var/lock/subsys/postgresql
echo $pid > /var/run/postmaster.pid
echo
else
if echo "$TYPESET"|grep "declare -f failure ()" >/dev/null
then
failure "$PSQL_START"
else
echo " [ FAILED ]"
fi
echo
fi
fi
}
stop(){
# Check for postmaster already running... exit if this happens
pid=`pidof -s postmaster`
if [ "$pid" == "" ]; then
rm -f /var/run/postmaster.pid
rm -f /var/lock/subsys/postgresql
exit 0;
fi
echo -n $"Stopping postgresql service: "
# Check for older PGDATA location.
if [ -f /var/lib/pgsql/PG_VERSION ] && [ -d /var/lib/pgsql/base/template1 ]
then
export PGDATA=/var/lib/pgsql
else
export PGDATA=/var/lib/pgsql/data
fi
su -l postgres -s /bin/sh -c "/usr/bin/pg_ctl stop -D $PGDATA -s -m fast" > /dev/null 2>&1
ret=$? # This will always be 0, as the return code doesn't propagate... Fix that some day.
if [ $ret -eq 0 ]; then
echo_success
else
echo_failure
fi
echo
rm -f /var/run/postmaster.pid
rm -f /var/lock/subsys/postgresql
}
restart(){
stop
start
}
condrestart(){
[ -e /var/lock/subsys/postgresql ] && restart || :
}
# This script is slightly unusual in that the name of the daemon (postmaster)
# is not the same as the name of the subsystem (postgresql)
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status postmaster
;;
restart)
restart
;;
condrestart)
condrestart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
exit 1
esac
exit 0
|
Sergej |
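An added example, not written by any poster in this thread: a small audit that pairs each `su ... -c` call in an init script with the target account's shell in a passwd-format file, which predicts the failure discussed above (a command handed to /bin/false) and shows why the `-s /bin/sh` form used in the script just posted works without giving the account a login shell. The function names, file names, passwd entries and the PGUSER value are constructed; the two `su` lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; the sample files written by make_samples are constructed.

# Print the login shell (7th passwd field) of user $1 in passwd file $2.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"
}

# Succeed if $1 is a placeholder shell that cannot run a command.
is_nologin() {
    case "$1" in */false|*/nologin) return 0 ;; esac
    return 1
}

# audit_su INIT_SCRIPT PASSWD_FILE PGUSER_VALUE
# Prints one line per "su ... -c" call: BROKEN when the command would be
# handed to a placeholder shell, OK when a usable shell will run it.
audit_su() {
    grep -E '(^|[[:space:]])su[[:space:]].*[[:space:]]-c[[:space:]]' "$1" |
    while IFS= read -r line; do
        args=${line#*su }       # drop everything up to "su "
        args=${args%% -c *}     # keep only the words before -c
        user= override=no prev=
        for w in $args; do
            case "$w" in
                -s) override=yes ;;              # explicit shell follows
                -|-l|-m|-p) ;;                   # login/environment flags
                *) [ "$prev" = "-s" ] || user=$w ;;
            esac
            prev=$w
        done
        [ "$user" = '$PGUSER' ] && user=$3       # resolve the conf.d variable
        shell=$(shell_of "$user" "$2")
        if [ "$override" = no ] && is_nologin "$shell"; then
            echo "BROKEN $user $shell"
        else
            echo "OK $user $shell"
        fi
    done
}

# Write constructed sample inputs into directory $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
postgres:x:70:70:postgres:/var/lib/postgresql:/bin/false
EOF
    cat > "$1/init-passwd-shell" <<'EOF'
su - $PGUSER -c "/usr/bin/pg_ctl start -D '$PGDATA' -s -l '$PGLOG' -o '$PGOPTS'"
EOF
    cat > "$1/init-explicit-shell" <<'EOF'
su -l postgres -s /bin/sh -c "/usr/bin/pg_ctl stop -D $PGDATA -s -m fast" > /dev/null 2>&1
EOF
}

demo() {
    d=$(mktemp -d)
    make_samples "$d"
    audit_su "$d/init-passwd-shell" "$d/passwd" postgres
    audit_su "$d/init-explicit-shell" "$d/passwd" postgres
    rm -rf "$d"
}
demo
```

When root runs `su` with `-s`, the named shell is used instead of the one in /etc/passwd, so the account can keep /bin/false and still have the init script start the daemon under its UID.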
 |
axxackall l33t


Joined: 06 Nov 2002 Posts: 651 Location: Toronto, Ontario, 3rd Rock From Sun
|
Posted: Tue Nov 26, 2002 10:32 pm Post subject: Re: PostgreSQL and su problems |
|
|
| klieber wrote: | | sheepdog wrote: | | Question 1: What is the use of having a user in /etc/passwd if the shell is /bin/false? |
Because there is no need for that process to log on interactively (i.e. in a shell environment.) |
There is such a need according to PostgreSQL official documentation.
| klieber wrote: | | sheepdog wrote: | | Now I could and initialize PostgreSQL. |
Um...I've never used Postgres before, but unless it's wildly different than all other linux software I've ever touched, you don't need to su to that user. |
I recommend you at least to check the PostgreSQL documentation. It is recommended to su to such user interactively. BTW, Oracle has same approach: special interactive unix account dedicated for DBA super-user and the process owner. It is advised to keep it interactive AND different than root. Welcome to RDBMS world.
I don't think it would be a good idea if PostgreSQL and Oracle docs would have a special chapter for Gentoo users. It will be much better if Gentoo Portage developers will fix it in ebuild files.
| klieber wrote: | Just be logged in as root and type:
| Code: | | /etc/init.d/postgres start |
|
Did you try yourself? It doesn't really work by default in Gentoo - unless you change the shell for postgres user in /etc/passwd.
Besides the fix in /etc/passwd, I also recommend to include into "ebuild config" three commands right after initdb:
/etc/init.d/postgresql start
some_simple_sql_test.sh
/etc/init.d/postgresql start
That would help a user to make sure that DBMS was really built and configured properly. |