postgresql 14上的ssl文件权限不正确

Question

在postgresql 14上启用ssl后，启动Postgres服务器时出现错误：

2022-05-13 00:09:39.791 CST [938050] FATAL:  private key file "/etc/postgresql/14/main/server.key" has group or world access
2022-05-13 00:23:09.163 CST [938097] DETAIL:  File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.

我所做的就是遵循上面的提示和chmod 640 server.key。下面是chmod之后的当前权限输出(似乎只移除组的r)

-rw-r--r-- 1 root     root      2727 May 13 00:08 server.crt
-rw-r----- 1 root     root      3323 May 13 00:08 server.csr
-rw-r----- 1 root     root      1704 May 13 00:08 server.key

但是重新启动Postgres服务器仍然存在错误：

2022-05-13 00:38:09.331 CST [938235] FATAL:  could not load private key file "/etc/postgresql/14/main/server.key": Permission denied
    2022-05-13 00:38:09.331 CST [938235] LOG:  database system is shut down
    pg_ctl: could not start server

这里缺少什么ssl文件权限？

Answer 1

首先，将所有文件的所有权更改为PostgreSQL用户：

chown postgres server.crt server.key server.csr

然后从私钥文件中删除组的读取权限：

chmod g-r server.key