The following bug has been logged online: Bug reference: 3809 Logged by: Simon Arlott Email address: postgresql.simon@arlott.org PostgreSQL version: 8.2.4 Operating system: Linux 2.6.23 Description: SSL "unsafe" private key permissions bug Details: FATAL: unsafe permissions on private key file "server.key" DETAIL: File must be owned by the database user and must have no permissions for "group" or "other". It should be possible to disable this check in the configuration, so those of us capable of deciding what's unsafe can do so. ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match

"Simon Arlott" <postgresql.simon@arlott.org> writes: > FATAL: unsafe permissions on private key file "server.key" > DETAIL: File must be owned by the database user and must have no > permissions for "group" or "other". > It should be possible to disable this check in the configuration, so those > of us capable of deciding what's unsafe can do so. You haven't given any reason to think that you are smarter than this check. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly

Alvaro Herrera <alvherre@alvh.no-ip.org> writes: > Gregory Stark wrote: >> Storing your keys on a usb stick (which usually use fat filesystems) >> isn't really such a crazy idea either. > Storing a server SSL key on a USB stick is not crazy? I don't follow. > What use case do you have for that? It's worth pointing out also that we require server.key to be directly in the $PGDATA directory, which means that any filesystem limitations on its permissions info are going to apply to the $PGDATA directory itself. Curiously enough, the access-permission checks on both $PGDATA and $PGDATA/server.key are diked out in WIN32 builds, but I consider that a bug we should fix, not a feature to be extended. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org