使用yum安装完postgresql,没有使用默认的DATA地址,自己配置了DATA地址以后,使用root权限启动service
service postgresql start
,报出了"FAILED"
不解,检查Log文件 /var/lib/pgsql/pgstartup.log. 发现如下记录
postmaster cannot access the server configuration file
"/var/lib/pgsql/data/postgresql.conf": Permission denied
于是检查postgres用户的文件权限,没有明显的问题,可读可写(忘了好像是700),于是上网一查,基本怀疑问题在SELinux上
先检查SELinux状态
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
果然是运行状态,并且还是在"enforcing"模式,检查SELinux的Log(大部分情况在/var/log/audit/,有时也会被配置到/var/log/messages)
# grep postgres /var/log/audit/audit.log | grep denied | tail -1
type=AVC msg=audit(1234567890.334:432): avc: denied { read } for
pid=1234 comm="postmaster" name="pgsql" dev=newpgdisk ino=403123
scontext=user_u:system_r:postgresql_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file
有一条拒绝记录!就这玩意干的。
这里说个最简单干脆的方法,停用SELinux.
编辑/etc/selinux/config:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
将SELINUX=enforcing 改成 SELINUX=permissive或者SELINUX=disabled,重启系统
再次启动postgresql,问题解决
可参考:http://blog.endpoint.com/2009/09/permission-denied-for-postgresqlconf.html
http://www.crypt.gen.nz/selinux/disable_selinux.html
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html