This is about Metasploit Framework.

root@kali:~# service postgresql start
[....] Starting PostgreSQL 9.1 database server: main[....] The PostgreSQL server failed to start. Please check the log output:
2015-05-23 19:07:58 EDT LOG: database system was interrupted; last known up at 2015-05-23 16:52:00 EDT
2015-05-23 19:07:58 EDT FATAL: could not open file "/etc/ssl/certs/ssl-cert-snakeoil.pem": Permission denied
2015-05-23 19:07:58 EDT LOG: startup process (PID 3466) exited with exit code 1
2015-05-23 19:07:58 EDT LOG: aborting startup due to startup [FAILss failure ... failed! failed!

My first question is, PostgreSQL was working perfectly. What things triggered this problem suddenly?

Secondly, how to fix this?


It's likely the result of this postgres bug: https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug


In the text you have quoted is the reason:

FATAL: could not open file "/etc/ssl/certs/ssl-cert-snakeoil.pem":
Permission denied

If you really want to use the snakeoil certificate you need to ensure that PostgreSQL can read it. But it would be better to generate your own certificate and use that instead. (There's a reason why these certificates are called snakeoil.)

    
This is about Metasploit Framework. – anonymous May 24 '15 at 0:15
    
@BROY if that's relevant it would help to state it up front - like you have now done. Although I'm not clear why it is relevant. I'll go reading. – roaima May 24 '15 at 0:18
    
@BROY, nope sorry, I don't see the relevance, other than it seems the documentation for Metasploit doesn't care it's recommending a snakeoil certificate. – roaima May 24 '15 at 0:25

The solution is to use an ACL and permit the postgres user (it is called postgres or psql; check your password file) to read

/etc/ssl/certs/ssl-cert-snakeoil.pem

If the user is called psql, do this:

setfacl -m u:psql:r-- /etc/ssl/certs/ssl-cert-snakeoil.pem

Of course, check whether ACLs are active:

mount | grep -w / | grep acl

If not, edit fstab (make a copy first) and put acl after defaults,

then run mount -o remount / and set the ACL with setfacl.

    
Or chmod a+r /etc/ssl/certs/ssl-snakeoil.pem, which is considerably easier – roaima May 24 '15 at 7:23
    
FWIW, even with this file world readable, I am getting UTC FATAL: could not open file "/etc/ssl/certs/ssl-cert-snakeoil.pem": Permission denied at the moment. – Joe Germuska Jul 20 '15 at 12:01
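
Added example, not part of any answer or comment above: the file's own mode is only one of the permissions on the way to the certificate, because every directory in the path must also be searchable. The shell function below (the name first_blocker is made up for this example) walks a path and reports the first component that is closed to the "other" permission class. It assumes an ls that prints the usual ten-column mode string and reads mode bits only, so ACL entries and owner or group access are not evaluated.

```shell
#!/bin/sh
# first_blocker PATH
# Walk PATH one component at a time and print the first component that
# accounts outside the owner and group (the "other" class) cannot pass:
# directories need search (x), the final file needs read (r).
# Relative paths are walked from the current directory.
# Returns 0 (no output) if open, 1 if blocked, 2 if a component is missing.
first_blocker() {
    path=$1
    case $path in /*) cur="" ;; *) cur="." ;; esac
    rest=${path#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        [ -z "$part" ] && continue
        cur="$cur/$part"
        # -L follows symlinks, so the link target's mode is what gets checked
        mode=$(ls -ldL "$cur" 2>/dev/null | cut -c1-10)
        if [ -z "$mode" ]; then
            echo "$cur (missing or not visible)"
            return 2
        fi
        if [ -n "$rest" ]; then
            # directory on the way: other-execute is column 10 (x, or t with sticky)
            case $(printf %s "$mode" | cut -c10) in
                x|t) ;;
                *) echo "$cur ($mode: no search permission)"; return 1 ;;
            esac
        elif [ "$(printf %s "$mode" | cut -c8)" != r ]; then
            # final component: other-read is column 8
            echo "$cur ($mode: not readable)"
            return 1
        fi
    done
    return 0
}

# Usage on the file from the question:
#   first_blocker /etc/ssl/certs/ssl-cert-snakeoil.pem
```

For a check that includes owners and groups, `namei -l` on the same path lists every component with its owner, group and mode.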
