I followed Peter's recommendation NOT to put my "clstr_mgr" O/S user in the "postgres" group—having earlier had it there. But doing so brought this content-free error message on an attempt to authorize using the intended method: Error: Invalid data directory for cluster 11 main A bit of Googling got me to this on the pgsql-general list (from the Peter, in fact): on that very topic. It seems that the error message is simply misleading and that it should read "Cannot read the config_file, hba_file, or ident_file" — as they are named in this query's output": select name, setting from pg_settings where category = 'File Locations'; Sure enough, neither my hba_file nor my ident_file were readable by "all" (but they were readable by "group"). However, the config_file was readable by "all". I've no idea what the history of those permissions is. Maybe I changed something along the way. I s'pose that I'd better regard my present installation as a dress rehearsal and simply redo it starting by restoring my "bare" Linux VM from file backup. Anyway, just to prove the point, I chmod'd my hba_file and my ident_file to make them readable by all. And the silly error message went away. However, that feels wrong to me. It would seem proper to put any user who you want to set up for "local", "peer" authentication into the "postgres" group. What do you (all) think? |