[Pkg-postgresql-public] Bug#795410: postgresql-common: pg_createcluster fails on clean install of postgresql

Sérgio Carvalho sergiosgc at gmail.com
Mon Aug 17 09:21:20 UTC 2015 

Hi Christoph,

Thanks for looking into this. I've managed to bash the original container
into installing the cluster, so it can't be used to properly debug this.
I've just setup a new one, as described in the original bug report, so I
can show you my findings.

In the clean install, "apt-get install postgresql" exhibits the error
described in the bug.

>From here:
root at debian-db:~# su - postgres
postgres at debian-db:~$ /bin/sh
$ exit
postgres at debian-db:~$ cat /etc/postgresql/9.4/main/postgresql.conf
cat: /etc/postgresql/9.4/main/postgresql.conf: Permission denied
postgres at debian-db:~$ ls -lah /etc/ | grep postgresql
drwxr-x---+  3 root root   4.0K Aug 17 08:49 postgresql
drwxr-xr-x+  3 root root   4.0K Aug 17 08:47 postgresql-common
postgres at debian-db:~$ exit

So, postgres seems able to execute /bin/sh just fine, but can't read the
postgresql.conf file, in line with the file permissions.

root at debian-db:~# pg_dropcluster 9.4 main
root at debian-db:~# chown postgres /etc/postgresql
root at debian-db:~# cd /tmp && pg_createcluster 9.4 main
Creating new cluster 9.4/main ...
  config /etc/postgresql/9.4/main
  data   /var/lib/postgresql/9.4/main
  locale en_US.UTF-8
Flags of /var/lib/postgresql/9.4/main set as -------------e-C
Warning: The socket directory for owners other than 'postgres'
defaults to /tmp. You might want to change the unix_socket_directories
parameter
in postgresql.conf to a more secure directory.
Error: could not open /etc/postgresql/9.4/main/postgresql.conf for reading
at /usr/share/perl5/PgCommon.pm line 194.
Can't exec "/bin/sh": Permission denied at /usr/bin/pg_createcluster line
590.

Same error. Strangely, now:

root at debian-db:/tmp# su - postgres
postgres at debian-db:~$ cat /etc/postgresql/9.4/main/postgresql.conf
[postgresql.conf content here]

So, the only option is a wrong error message.

If I edit the relevant section in /usr/bin/pg_createcluster, I can get it
to work. On line 417, there's this content:

set_cluster_socketdir $version, $cluster, $socketdir if $socketdir;
$> = $orig_euid;
$) = $orig_egid;

Change it to:

$> = $orig_euid;
$) = $orig_egid;
set_cluster_socketdir $version, $cluster, $socketdir if $socketdir;

(i.e. Run the config change as root, not as postgres, which is consistent
with the rest of the script). I think the error reported by PgCommon.pm is
wrong. It can't *write* the conf file, not *read*.

After the change, "pg_createcluster 9.4 main" runs just fine.

Now, for the cherry on top. The cluster won't start:

root at debian-db:/tmp# systemctl start postgresql at 9.4-main.service
Job for postgresql at 9.4-main.service failed because the control process
exited with error code. See "systemctl status postgresql at 9.4-main.service"
and "journalctl -xe" for details.

systemctl status doesn't give any interesting info:
root at debian-db:/tmp# systemctl status postgresql at 9.4-main.servicepostgresql at 9.4-main.service - PostgreSQL Cluster 9.4-main
   Loaded: loaded (/lib/systemd/system/postgresql at .service; disabled;
vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2015-08-17 09:09:28 UTC;
35s ago
  Process: 3198 ExecStart=postgresql@%i %i start (code=exited,
status=1/FAILURE)

Aug 17 09:08:57 debian-db systemd[1]: Starting PostgreSQL Cluster
9.4-main...
Aug 17 09:09:28 debian-db postgresql at 9.4-main[3198]: The PostgreSQL server
failed to start. Please check the log output.
Aug 17 09:09:28 debian-db systemd[1]: postgresql at 9.4-main.service: Control
process exited, code=exited status=1
Aug 17 09:09:28 debian-db systemd[1]: Failed to start PostgreSQL Cluster
9.4-main.
Aug 17 09:09:28 debian-db systemd[1]: postgresql at 9.4-main.service: Unit
entered failed state.
Aug 17 09:09:28 debian-db systemd[1]: postgresql at 9.4-main.service: Failed
with result 'exit-code'.

But it is again a question of permissions. /var/log/postgresql is owned by
root:postgres with permissions rwxrwxr-t. Within, postgresql-9.4-main.log
is owned by postgres:adm with permissions rw-r-----. It should work, but
postgresql complains it can't write to its log. I suppose the temporary
flag in the log directory may cause strange behaviour when the log file is
accessed by a different user/group pair (postgres:postgres vs
postgres:adm).

root at debian-db:/tmp# rm -Rf /var/log/postgresql/; mkdir
/var/log/postgresql/; chown postgres:postgres /var/log/postgresql/
root at debian-db:/tmp# systemctl start postgresql at 9.4-main.service
root at debian-db:/tmp# echo $?
0

Sorry for the long mail. It was inevitable. It seems pg_createcluster is
actually wrong, the configuration change should be done as root (from what
I infer from the rest of the script). However, something in debian
triggered this, as it didn't use to happen (I last did this operation over
a year ago, so my the bisection is not much use, really).

If you need to play around with this install, I can try and get this
container online and accessible to you. Tell me if you need me to.

Cheers,
--
Sérgio Carvalho

On Fri, Aug 14, 2015 at 6:34 PM, Christoph Berg <myon at debian.org> wrote:

> Control: tags -1 moreinfo
>
> Re: Sergio Carvalho 2015-08-13
> <20150813184358.3021.68521.reportbug at profissional-db>
> > The installer produces this output:
> >
> > Setting up postgresql-9.4 (9.4.4-1) ...
> > Creating new cluster 9.4/main ...
> >   config /etc/postgresql/9.4/main
> >   data   /var/lib/postgresql/9.4/main
> >   locale en_US.UTF-8
> > Flags of /var/lib/postgresql/9.4/main set as -------------e-C
> > Warning: The socket directory for owners other than 'postgres'
> > defaults to /tmp. You might want to change the unix_socket_directories
> parameter
> > in postgresql.conf to a more secure directory.
> > Error: could not open /etc/postgresql/9.4/main/postgresql.conf for
> reading at /usr/share/perl5/PgCommon.pm line 194.
> > Can't exec "/bin/sh": Permission denied at /usr/bin/pg_createcluster
> line 590.
>
> Hi Sergio,
>
> to me it seems the /bin/sh error is the root of the problem. Could you
> check what's up with that? If that's broken it's no wonder the
> utilities fail in some way.
>
> Christoph
> --
> cb at df7cb.de | http://www.df7cb.de/
>



-- 
Sérgio Carvalho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20150817/f8099807/attachment.html>

More information about the Pkg-postgresql-public mailing list