[Postgres]postgresql.conf : Permission denied处理一法

使用yum安装完postgresql，没有使用默认的DATA地址，自己配置了DATA地址以后，使用root权限启动service

service postgresql start

，报出了"FAILED"

不解，检查Log文件 /var/lib/pgsql/pgstartup.log. 发现如下记录

postmaster cannot access the server configuration file

"/var/lib/pgsql/data/postgresql.conf": Permission denied

于是检查postgres用户的文件权限，没有明显的问题，可读可写（忘了好像是700），于是上网一查，基本怀疑问题在SELinux上

先检查SELinux状态

# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /selinux

Current mode:                   enforcing

Mode from config file:          enforcing

Policy version:                 21

Policy from config file:        targeted

 

果然是运行状态，并且还是在"enforcing"模式，检查SELinux的Log(大部分情况在/var/log/audit/，有时也会被配置到/var/log/messages)

# grep postgres /var/log/audit/audit.log | grep denied | tail -1

 

type=AVC msg=audit(1234567890.334:432): avc:  denied  { read } for

pid=1234 comm="postmaster" name="pgsql" dev=newpgdisk ino=403123 

scontext=user_u:system_r:postgresql_t:s0

tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file

有一条拒绝记录！就这玩意干的。

这里说个最简单干脆的方法，停用SELinux.

编辑/etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

将SELINUX=enforcing 改成 SELINUX=permissive或者SELINUX=disabled，重启系统

再次启动postgresql，问题解决

可参考:http://blog.endpoint.com/2009/09/permission-denied-for-postgresqlconf.html

http://www.crypt.gen.nz/selinux/disable_selinux.html

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html