0

I want to set up a PostgreSQL database but initdb hits an authentication error. I seem to be doing as described in docs.

  1. I log in as postgres user with doas -u postgres -s (AFAIK it's same as su - postgres)
  2. cd to /home/user/A/B/postgres.
  3. stat . yields

Access: (0700/drwx------) Uid: ( 965/postgres) Gid: ( 965/postgres)

  1. id yields

uid=965(postgres) gid=965(postgres) groups=965(postgres)

  1. Running initdb -D /home/user/A/B/data results in an error with:

could not change directory to "/home/user/A/B/postgres": Permission denied

The files belonging to this database system will be owned by user "postgres". This user must also own the server process.

The database cluster will be initialized with locale "C". The default database encoding has accordingly been set to "SQL_ASCII". The default text search configuration will be set to "english".

Data page checksums are disabled.

initdb: error: could not access directory "/home/user/A/B/postgres/data": Permission denied

This or similar error is hit with or without the directory data created beforehand and also using both relative and absolute paths. The folders A and B in the path are not owned by postgres.

I'm using postgresql 13.4-6 on manjaro with doas for authentication and sudo uninstalled.

zaabson
  • 151
  • 12
  • 1
    'The folders A and B in the path are not owned by postgres.' would be your problem. The OS user `postgres` does not have the permissions to traverse `"/home/user/A/B` to get to `/data`. – Adrian Klaver Jan 28 '22 at 19:03
  • **Solution**: Indeed path traversing is the problem. I added execute permissions for others in folders up in the path and it solves the problem. Thank you! – zaabson Jan 28 '22 at 20:01
  • I thought about that but dismissed as it didn't work with relative paths as well. Shouldn't relative path resolution work? In the end I don't think I'm doing anything strange? It should be possible to create database somewhere deep into directory tree without any 'global' permission changes? EDIT: Apparently this is how path resolution works as checked with various other commands. – zaabson Jan 28 '22 at 20:03
  • 1
    It would be a big security hole if someone could bypass all upper level permissions in a path to get a lower directory they have permissions on. – Adrian Klaver Jan 28 '22 at 20:40

0 Answers0