CentOS 7 pg_ctl: could not access directory “/var/lib/pgsql/data”: Permission denied










1















PostgreSQL 10.6 and CentOS 7



pg_ctl status
pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied`


Wouldn't pg_ctl have access to this, given /var/lib/pgsql/data has ownership postgres:postgres?



drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql


How can I fix this without creating a vulnerability? Why is this throwing an error?



Additional info (edit):



su - postgres
cd /var/lib
/var/lib/pgsql: drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql
/var/lib/pgsql/10: drwx------ 4 postgres postgres 33 Nov 14 06:38 10
/var/lib/pgsql/10/data: drwx------ 20 postgres postgres 4096 Nov 15 03:47 data









share|improve this question




























    1















    PostgreSQL 10.6 and CentOS 7



    pg_ctl status
    pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied`


    Wouldn't pg_ctl have access to this, given /var/lib/pgsql/data has ownership postgres:postgres?



    drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql


    How can I fix this without creating a vulnerability? Why is this throwing an error?



    Additional info (edit):



    su - postgres
    cd /var/lib
    /var/lib/pgsql: drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql
    /var/lib/pgsql/10: drwx------ 4 postgres postgres 33 Nov 14 06:38 10
    /var/lib/pgsql/10/data: drwx------ 20 postgres postgres 4096 Nov 15 03:47 data









    share|improve this question


























      1












      1








      1








      PostgreSQL 10.6 and CentOS 7



      pg_ctl status
      pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied`


      Wouldn't pg_ctl have access to this, given /var/lib/pgsql/data has ownership postgres:postgres?



      drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql


      How can I fix this without creating a vulnerability? Why is this throwing an error?



      Additional info (edit):



      su - postgres
      cd /var/lib
      /var/lib/pgsql: drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql
      /var/lib/pgsql/10: drwx------ 4 postgres postgres 33 Nov 14 06:38 10
      /var/lib/pgsql/10/data: drwx------ 20 postgres postgres 4096 Nov 15 03:47 data









      share|improve this question
















      PostgreSQL 10.6 and CentOS 7



      pg_ctl status
      pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied`


      Wouldn't pg_ctl have access to this, given /var/lib/pgsql/data has ownership postgres:postgres?



      drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql


      How can I fix this without creating a vulnerability? Why is this throwing an error?



      Additional info (edit):



      su - postgres
      cd /var/lib
      /var/lib/pgsql: drwx------ 3 postgres postgres 94 Nov 14 06:43 pgsql
      /var/lib/pgsql/10: drwx------ 4 postgres postgres 33 Nov 14 06:38 10
      /var/lib/pgsql/10/data: drwx------ 20 postgres postgres 4096 Nov 15 03:47 data






      postgresql centos7 pg-ctl






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 15 '18 at 16:33









      Laurenz Albe

      47.8k102748




      47.8k102748










      asked Nov 15 '18 at 8:32









      Rich_FRich_F

      4801519




      4801519






















          2 Answers
          2






          active

          oldest

          votes


















          1














          In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).



          So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.






          share|improve this answer























          • My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

            – Rich_F
            Nov 15 '18 at 16:51







          • 1





            What's wrong with using pg_isready?

            – Laurenz Albe
            Nov 15 '18 at 16:54











          • Nothing wrong with it. First time I've seen it, actually. Different result as well.

            – Rich_F
            Nov 15 '18 at 16:55











          • What exactly is your need?

            – Laurenz Albe
            Nov 15 '18 at 17:12











          • Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

            – Rich_F
            Nov 15 '18 at 17:13


















          1














          This needs few troubleshooting steps to pinpoint the real issue.



          1. Find out the user/owner and files permissions for that location in Linux:


          Ls - al /var/lib/pgsql/data/


          ls - al /var/lib/pgsql/





          1. Try to change to the postgres user and access the directory in 1



            # su - postgres



          Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible



          https://wiki.postgresql.org/wiki/First_steps



          https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04



          Update



          From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions



          Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..






          share|improve this answer

























          • Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

            – Rich_F
            Nov 15 '18 at 13:54











          • Can u spit the outputs to show the owner?

            – Salah-1
            Nov 15 '18 at 14:01











          • In original post.

            – Rich_F
            Nov 15 '18 at 14:06










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53315221%2fcentos-7-pg-ctl-could-not-access-directory-var-lib-pgsql-data-permission-de%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).



          So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.






          share|improve this answer























          • My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

            – Rich_F
            Nov 15 '18 at 16:51







          • 1





            What's wrong with using pg_isready?

            – Laurenz Albe
            Nov 15 '18 at 16:54











          • Nothing wrong with it. First time I've seen it, actually. Different result as well.

            – Rich_F
            Nov 15 '18 at 16:55











          • What exactly is your need?

            – Laurenz Albe
            Nov 15 '18 at 17:12











          • Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

            – Rich_F
            Nov 15 '18 at 17:13















          1














          In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).



          So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.






          share|improve this answer























          • My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

            – Rich_F
            Nov 15 '18 at 16:51







          • 1





            What's wrong with using pg_isready?

            – Laurenz Albe
            Nov 15 '18 at 16:54











          • Nothing wrong with it. First time I've seen it, actually. Different result as well.

            – Rich_F
            Nov 15 '18 at 16:55











          • What exactly is your need?

            – Laurenz Albe
            Nov 15 '18 at 17:12











          • Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

            – Rich_F
            Nov 15 '18 at 17:13













          1












          1








          1







          In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).



          So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.






          share|improve this answer













          In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).



          So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 15 '18 at 16:31









          Laurenz AlbeLaurenz Albe

          47.8k102748




          47.8k102748












          • My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

            – Rich_F
            Nov 15 '18 at 16:51







          • 1





            What's wrong with using pg_isready?

            – Laurenz Albe
            Nov 15 '18 at 16:54











          • Nothing wrong with it. First time I've seen it, actually. Different result as well.

            – Rich_F
            Nov 15 '18 at 16:55











          • What exactly is your need?

            – Laurenz Albe
            Nov 15 '18 at 17:12











          • Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

            – Rich_F
            Nov 15 '18 at 17:13

















          • My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

            – Rich_F
            Nov 15 '18 at 16:51







          • 1





            What's wrong with using pg_isready?

            – Laurenz Albe
            Nov 15 '18 at 16:54











          • Nothing wrong with it. First time I've seen it, actually. Different result as well.

            – Rich_F
            Nov 15 '18 at 16:55











          • What exactly is your need?

            – Laurenz Albe
            Nov 15 '18 at 17:12











          • Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

            – Rich_F
            Nov 15 '18 at 17:13
















          My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

          – Rich_F
          Nov 15 '18 at 16:51






          My point was that I would think pg_ctl would be the way of getting this to other users, instead of having to log in as the postgres user to see what the status is of the db server. It's a bit odd to jump through those hoops. Ah but then again, in a db-only deployment, that's probably the case I'd be postgres. I just thought they would allow tools available to normal users, or at least su.

          – Rich_F
          Nov 15 '18 at 16:51





          1




          1





          What's wrong with using pg_isready?

          – Laurenz Albe
          Nov 15 '18 at 16:54





          What's wrong with using pg_isready?

          – Laurenz Albe
          Nov 15 '18 at 16:54













          Nothing wrong with it. First time I've seen it, actually. Different result as well.

          – Rich_F
          Nov 15 '18 at 16:55





          Nothing wrong with it. First time I've seen it, actually. Different result as well.

          – Rich_F
          Nov 15 '18 at 16:55













          What exactly is your need?

          – Laurenz Albe
          Nov 15 '18 at 17:12





          What exactly is your need?

          – Laurenz Albe
          Nov 15 '18 at 17:12













          Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

          – Rich_F
          Nov 15 '18 at 17:13





          Just tripped over the process thinking it would give me lots of feedback including variables displayed inside the db using SHOW all;.

          – Rich_F
          Nov 15 '18 at 17:13













          1














          This needs few troubleshooting steps to pinpoint the real issue.



          1. Find out the user/owner and files permissions for that location in Linux:


          Ls - al /var/lib/pgsql/data/


          ls - al /var/lib/pgsql/





          1. Try to change to the postgres user and access the directory in 1



            # su - postgres



          Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible



          https://wiki.postgresql.org/wiki/First_steps



          https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04



          Update



          From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions



          Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..






          share|improve this answer

























          • Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

            – Rich_F
            Nov 15 '18 at 13:54











          • Can u spit the outputs to show the owner?

            – Salah-1
            Nov 15 '18 at 14:01











          • In original post.

            – Rich_F
            Nov 15 '18 at 14:06















          1














          This needs few troubleshooting steps to pinpoint the real issue.



          1. Find out the user/owner and files permissions for that location in Linux:


          Ls - al /var/lib/pgsql/data/


          ls - al /var/lib/pgsql/





          1. Try to change to the postgres user and access the directory in 1



            # su - postgres



          Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible



          https://wiki.postgresql.org/wiki/First_steps



          https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04



          Update



          From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions



          Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..






          share|improve this answer

























          • Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

            – Rich_F
            Nov 15 '18 at 13:54











          • Can u spit the outputs to show the owner?

            – Salah-1
            Nov 15 '18 at 14:01











          • In original post.

            – Rich_F
            Nov 15 '18 at 14:06













          1












          1








          1







          This needs few troubleshooting steps to pinpoint the real issue.



          1. Find out the user/owner and files permissions for that location in Linux:


          Ls - al /var/lib/pgsql/data/


          ls - al /var/lib/pgsql/





          1. Try to change to the postgres user and access the directory in 1



            # su - postgres



          Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible



          https://wiki.postgresql.org/wiki/First_steps



          https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04



          Update



          From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions



          Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..






          share|improve this answer















          This needs few troubleshooting steps to pinpoint the real issue.



          1. Find out the user/owner and files permissions for that location in Linux:


          Ls - al /var/lib/pgsql/data/


          ls - al /var/lib/pgsql/





          1. Try to change to the postgres user and access the directory in 1



            # su - postgres



          Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible



          https://wiki.postgresql.org/wiki/First_steps



          https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04



          Update



          From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions



          Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 15 '18 at 15:06

























          answered Nov 15 '18 at 13:47









          Salah-1Salah-1

          790914




          790914












          • Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

            – Rich_F
            Nov 15 '18 at 13:54











          • Can u spit the outputs to show the owner?

            – Salah-1
            Nov 15 '18 at 14:01











          • In original post.

            – Rich_F
            Nov 15 '18 at 14:06

















          • Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

            – Rich_F
            Nov 15 '18 at 13:54











          • Can u spit the outputs to show the owner?

            – Salah-1
            Nov 15 '18 at 14:01











          • In original post.

            – Rich_F
            Nov 15 '18 at 14:06
















          Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

          – Rich_F
          Nov 15 '18 at 13:54





          Sorry, I think you've missed what I put. It is owned postgres:postgres. I stated that in the original post. pg_ctl is run as rich and it can't see inside /var/lib. The database works. I just can't use pg_ctl status due to the permissions that the install set itself. It's odd.

          – Rich_F
          Nov 15 '18 at 13:54













          Can u spit the outputs to show the owner?

          – Salah-1
          Nov 15 '18 at 14:01





          Can u spit the outputs to show the owner?

          – Salah-1
          Nov 15 '18 at 14:01













          In original post.

          – Rich_F
          Nov 15 '18 at 14:06





          In original post.

          – Rich_F
          Nov 15 '18 at 14:06

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53315221%2fcentos-7-pg-ctl-could-not-access-directory-var-lib-pgsql-data-permission-de%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Top Tejano songwriter Luis Silva dead of heart attack at 64

          政党

          天津地下鉄3号線