postgreSQL: permission denied reading a file using \i - postgresql

I posted this as an answer on the original question posed on
postgreSQL permission denied when reading from file with \i command
But I now realise I should have posted as a separate question.
My OS is Fedora 21, I have installed PostgreSQL-9.4
I am trying to read a file using the \i command and error message is Permission denied. I have chmod a+r on the file.
On my system there are 3 users [root, damo, postgres] and I have established a group [project] that has 2 members [damo, postgres]. I have used chgrp on all relevant directories which (I believe) should grant permission to user [postgres] to access various files.
I access pqsql with the user [postgres] but all of my other work is under user [damo]. Within pgsql using the tab to navigate from the command \i stops after
../../home/damo
and I can go no further. This obviously important but I don't know what it means. So I moved the file to that location and it still does not load. This is the output from ls -l and stat
$ ls -l testScript.sql
-rw-r--r--. 1 damo project 76 Nov 5 18:18 testScript.sql
$ stat testScript.sql
File: ‘testScript.sql’
Size: 76 Blocks: 8 IO Block: 4096 regular file
Device: fd02h/64770d Inode: 2623547 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1000/ damo) Gid: ( 1001/ project)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2015-11-05 18:18:06.082928881 +0000
Modify: 2015-11-05 18:18:06.084928866 +0000
Change: 2015-11-05 18:25:57.041183384 +0000
Birth: -
Can anyone advance some suggestions?

You're on Fedora 21, so you likely have SELinux enabled by default. The postgres user probably doesn't have the rights to access the security context user_home_t. The security context is shown by your stat output. You can include it in ls using ls -lZ.
The selinux boolean postgresql_selinux_unconfined_dbadm looks like what you want for that, per getsebool -a.
Check
getsebool postgresql_selinux_unconfined_dbadm
and if it's off, try:
setsebool postgresql_selinux_unconfined_dbadm on
Also, to determine whether selinux is what's denying access, check the system logs or run the sealert tool (SELinux alert browser).
Apart from that, it could well be that one of the directories in the absolute path of the file denies access to your operating system user.

Related

mounting bucket with fstab not working NEWBIE

I'm new on GCP and on linux and I try to mount a bucket on my centos instance using gcsfuse.
I tried with a script running at boot but it was not working so I tried with fstab (peoples told me it is much better)
But I got this error when I tried to ls my mounted point :
ls: reading directory .: Input/output error
here is my fstab file :
#
# /etc/fstab
# Created by anaconda on Tue Mar 26 23:07:36 2019
#
# Accessible filesystems, by reference, are maintained under'/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=de2d3dce-cce3-47a8-a0fa-5bfe54e611ab / xfs defaults 0 0
mybucket /mount/to/point gcsfuse rw,allow_other,uid=1001,gid=1001
According : https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/mounting.md
Thanks for your time.
Okay so I just had to wait 2 minutes due to google auth granting my key. Basically it works

Maillog /bin/sh: /usr/lib/dovecot/dovecot-lda: No such file or directory 4.2.1

I just moved to a new server with Plesk pre-installed on it, my sites work now but when I try to send mails I get the following error:
Mar 5 13:43:14 www postfix/qmgr[2271]: 9351512650BA:
from=, size=572, nrcpt=1 (queue active) Mar 5
13:43:14 www postfix-local[3080]: postfix-local:
from=info#[MY_DOMAIN].nl, to=servers#[MY_DOMAIN].nl,
dirname=/var/qmail/mailnames Mar 5 13:43:14 www
postfix/pipe[3079]: 9351512650BA: to=,
relay=plesk_virtual, delay=1307, delays=1307/0.04/0/0.05, dsn=4.3.0,
status=deferred (temporary failure. Command output: /bin/sh:
/usr/lib/dovecot/dovecot-lda: No such file or directory 4.2.1
Message can not be delivered at this time )
I have been looking for over an hour but I have not found a fix yet.
The directory /usr/lib/dovecot does not exists, the directory /usr/lib64/dovecot does exists.
The server runs on Centos.
SOLVED: I found out that I copied the full mail directories, including the config files. I removed the mailboxes and moved over the mail directories without config files. Now the mailbox works again.
So for everybody with the same problem when moving. Don't copy your mail config files.
Various options exist:
ln -s /usr/lib64/dovecot/dovecot-lda /usr/lib/dovecot/dovecot-lda,
Edit your postfix/master.cf file and change the /usr/lib/dovecot path to /usr/lib64/dovecot,
Install a 32-bit version of Dovecot on that box.
All have their disadvantages, the best thing is to coordinate with the people who wrote the software that manages the email config and let them know your trouble.

What is wrong with my TOR?

I'm the operator of the XMPP server on darkness.su.The server runs on Centos 6.
I installed TOR and configured it to provide a hidden service access to the server.It was working fine at first,but ever since an update a few months ago it started giving me these errors:
799 May 25 14:19:37.060 [warn] Permissions on directory /var/lib/tor/hidden_service are too permissive.
800 May 25 14:19:37.060 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
801 May 25 14:19:37.060 [err] Reading config failed--see warnings above.
I tried to check the logs,but I can't find them,and setting one doesn't seem to work.I've tried removing TOR and wiping all its folder,then reinstalling it.Same thing.
I'm installing through yum from TOR Project's repository.
With chmod 700 on the hidden service directory(owned by TOR):
Jul 24 21:39:05.573 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 24 21:39:05.573 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 21:39:05.573 [err] Reading config failed--see warnings above
After changing directory owner to root:
Jul 24 22:11:36.236 [warn] /var/lib/tor/hidden_service/ is not owned by this user (_tor, 496) but by root (0). Perhaps you are running Tor as the wrong user?
Jul 24 22:11:36.236 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 24 22:11:36.236 [err] Reading config failed--see warnings above.
Permissions on directory /var/lib/tor/hidden_service are too permissive.
This means, that too many users have access to this directory. Try to change it:
chmod 700 /var/lib/tor/hidden_service
I assume here that the user running TOR is also the owner of the directory.
Your initial problem with permission issues (I had these after cloning a virtual hdd in VirtualBox) was caused by broken labels in selinux. On CentOS/Linux this is fixed with:
restorecon -r -v /var/lib/tor
It is all about file and directory permissions. I wrote this in Dockerfile
FROM osminogin/tor-simple:0.4.6.7
ARG source=.
USER tor
COPY $source/torrc /etc/tor/torrc
RUN mkdir /var/lib/tor/sc && chmod 700 /var/lib/tor/sc
COPY --chown=tor:nogroup $source/private/* /var/lib/tor/sc
RUN chmod -R 400 /var/lib/tor/sc/*
In my sc directory I have hostname and key pair.
After restarting the container tor domain name persists
sudo chown _tor:_tor /var/lib/tor/site/
fixed it for me.

Snorby not display alerts on main page

Building a Snort / Barnyard2 / Snorby setup.
Having trouble with getting snorby to see events.
Snort and barnyard2 are both running at boot.
Here is my config relevant to the problem.
Snort:
output unified2: filename snort.u2, limit 128
Barnyard2:
config reference_file: /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
config gen_file: /usr/local/snort/etc/gen-msg.map
config sid_file: /usr/local/snort/etc/sid-msg.map
config hostname:localhost
config interface: eth1
input unified2
output database: log, mysql, user=snort password=snorbypass dbname=snorby host=localhost
Snorby:
snorby: &snorby
adapter: mysql
username: snort
password: "snorbypass"
host: localhost
rc.local:
ifconfig eth1 up
/usr/local/snort/bin/snort -D -u snort -g snort \
-c /usr/local/snort/etc/snort.conf -i eth1
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf \
-d /var/log/snort \
-f snort.u2 \
-w /var/log/snort/barnyard2.waldo \
-D
Current status:
Right now, when the system boots, I can see both the snort and barnyard2 processes running as issued in the rc.local.
When browsing to localhost in a browser, I can login to Snorby and change password, etc...
I can also see the sensor listed under sensors.
When looking at the workers, there is one running. I have also deleted this from from withing the web ui and recreated it without any issues.
When looking in the database for snorby, I can "SELECT * from signature" and see alot of signatures listed here.
Also, I can see the size of the most recent /var/log/snort/snort.u2.1398021580 being constantly updated.
My barnyard.waldo is also in this directory and I can see it with data and you can see that it is no longer a text file, but a binary. This can be re-created by deleting the file re-creating a new barnyard2.waldo text file and restarting barnyard2. By doing so, the file will be turned into a binary file with the size of 2056.
The file ownership is snort:snort and the file permissions on the directory /var/log/snort is 666.
Possible problem??::
The only thing I can see that is not functioning correctly is when I stop barnyard2 and start without -D to see the startup.
I receive a repeating error:
--== Initialization Complete ==--
Using waldo file '/var/log/snort/barnyard2.waldo':
spool directory = /var/log/snort
spool filebase = snort.u2
time_stamp = 1398023768
record_idx = 0
Opened spool file '/var/log/snort/snort.u2.1398023768'
WARNING: No function defined to read header.
WARNING: No function defined to read header.
Closing spool file '/var/log/snort/snort.u2.1398023768'. Read 0 records
Opened spool file '/var/log/snort/snort.u2.1398024174'
WARNING: No function defined to read header.
Waiting for new data
WARNING: No function defined to read header.
WARNING: No function defined to read header.
WARNING: No function defined to read header.
WARNING: No function defined to read header.
WARNING: No function defined to read header.
WARNING: No function defined to read header.
There is very little on this error when I looked through Google, but I believe that barnyard2 is having trouble reading the snort,u2 file. You can see here that it seems to load it okay, but that is about it. Regardless, when looking in the Snorby UI, there are 0 events on the listed sensor.
Any ideas would be greatly appreciated.
Once I ran PulledPork to down load snort rules, I received a new sid-msg.map file for the version of snort currently running. Repeating error resolved.

Unable to run Mongo shell (Mac)

I'm new to web development and I wanted to get started with some RoR (using Locomotive CMS).
One of the things Locomotive asks for is to have Mongodb. I installed using homebrew by following this link http://docs.mongodb.org/manual/tutorial/install-mongodb-on-os-x/
It installs fine but then im not able to run it!
When I type 'mongo' on terminal I get the following output :
"MongoDB shell version: 2.4.3
connecting to: test
Mon May 6 11:12:28.927
JavaScript execution failed:
Error: couldn't connect to server
127.0.0.1:27017 at src/mongo/shell/mongo.js:L112
exception: connect failed"
BACKGROUND TO HELP DEBUGGING ( on Terminal) :
1.When I type in mongod I get the following :
"all output going to: /usr/local/var/log/mongodb/mongo.log"
Ownership of mongo.log :
-rw-r--r-- 1 username admin 22133 May 6 11:13 mongo.log
2.When I input mongod --fork I get the following :
about to fork child process, waiting until server is ready for connections.
forked process: 77566
all output going to: /usr/local/var/log/mongodb/mongo.log
ERROR: child process failed, exited with error number 100
3.Typing mongod --help gives the following warning:
* WARNING: soft rlimits too low. Number of files is 256, should be at least 1000
4.I have a folder called data (which acts as amongodb database, is this where it should be?)in root (PATH : /data) Ownership of data folder :
"drwxr-xr-x 3 username wheel 102 Apr 23 21:38 data"
5.Checking if ports are free: lsof -i :27017. Ive also tried to check for a running mongo process using activity montior and found zilch!
No output
6.Ive also tried : mongo --repair. Dint help!
Ive been stuk on this for a while, I've looked at most responses on stackoverflow and searched around to find a solution to this but nothing has helped so far!
UPDATE:
When I tried to start the mongo shell, I was getting the following l
log message from mongo.log:
5/6/13 1:33:27.616 PM com.apple.launchd:
(org.mongodb.mongod[79133])
open("/private/var/log/mongodb/output.log", ...): Permission denied
So I did a chmod777 for the particular folder and the shell launches!
Although I still get a warning when it launches as:
Server has startup warnings:
Mon May 6 13:33:27.693 [initandlisten]
Mon May 6 13:33:27.693 [initandlisten]
** WARNING: soft rlimits too low.
Number of files is 256, should be at least 1000
Any idea how I can silence these warnings?
To get the information you need to determine the cause of failure you need to look in (and post for us) the output from /usr/local/var/log/mongodb/mongo.log when it is trying to start.
However, the most common reason for the failure is the lack of the default database path - at /data/db. Either create that folder (and don't forget to make sure your user has permission to read/write to it) or specify a different path with the --dbpath option.
UPDATE: as you have since found, bad permissions on the log file can cause the issue, in a similar way to bad permissions on the data path.
In terms of the warning, the information you need is here:
https://superuser.com/questions/433746/is-there-a-fix-for-the-too-many-open-files-in-system-error-on-os-x-10-7-1
It is just that though, a warning - you can run MongoDB without an issue with those limits as long as it is not under heavy load. So, if this is a development environment, unless you plan on load testing, you should be fine