0

I am trying to restore a database with the following command:

$ sudo -u postgres pg_restore -C -d dvdrental dvdrental.tar 
[sudo] password for t:

However, I am receiving the following error message:

could not change directory to "/home/t/mydata/.../relation model/SQL/implementations/Implementations, i.e. relational database management systems/postgreSQL/general/web/postgresqltutorial/databases": Permission denied

pg_restore: [archiver] could not open input file "dvdrental.tar": No such file or directory

I was wondering why I can't change directory to the current directory with permission denied?

File permission bits are:

 -rw-rw-r-- 1 t t 2838016 May 26  2013 dvdrental.tar

Is it because one of its ancestry directory is not both readable and executable by any one? The file has many ancestry directories, and how can I verify that?

Tim
  • 101,790

2 Answers2

5

You can, user postgres can't.

sudo -u postgres changes user-id to postgres and then runs the commands. at now user postgres can't access the input file, or even the current directory.

Instead, do it this way:

$ sudo -u postgres pg_restore -C -d dvdrental < dvdrental.tar

This way the file is opened by your shell under your account before sudo starts and pg_restore then accesses the file content on standard input

Jasen
  • 3,761
  • Thanks. "user postgres can't access the input file, or even the current directory", how or where is this set up? – Tim Jun 15 '18 at 11:29
  • I have added permission bits of the file. The archive file is readable by anyone. – Tim Jun 15 '18 at 11:39
  • seems to be down some rabbit hole of the users home directory, user postgres needs execute permission on all the dirctories in that chain. it's easier to just use redirection instead. – Jasen Jun 16 '18 at 00:16
2

The current directory, and all its parent directories, have to be accessible for the postgres user, i.e. have the executable/searchable bit set for whichever owner/group/other permission applies on each directory when determining postgres’s permissions, or grant that permission using ACLs.

To check the permissions, use namei:

namei -l /path/to/directory

See How to check if a user can access a given file? for details.

Stephen Kitt
  • 434,908
  • Thanks. Is there a faster way to verify that there is anacestry directory without read or executable permission to anyone than manually ls -l every ancestry directory? – Tim Jun 15 '18 at 12:27
  • Thanks again. Is there a faster way to add read and execution permission bits for all the ancestry directories of a given file, than manually for each ancestry directory? – Tim Jun 15 '18 at 12:37
  • Also is it correct that if I have a symbolic link to a directory which doesn't have read and execution permission for anyone, making the link have read and execution permission for anyone still doesn't allow any one to traverse indirectly into the directory via the link? – Tim Jun 15 '18 at 12:40
  • I don’t think there’s a faster way to set the bits, because the appropriate value can depend on the directories’ ownership. Regarding symbolic links, they don’t carry permissions under Linux; a user’s ability to access a directory pointed to by a symbolic link is entirely determined by the directory’s permissions. – Stephen Kitt Jun 15 '18 at 12:53
  • What do the permission bits of a symlink do? – Tim Jun 15 '18 at 12:59
  • They don’t do anything on Linux. – Stephen Kitt Jun 15 '18 at 13:02
  • If a symlink doesn't have read and execution permission for anyone, does it mean we can't access the linked file via the symlink? – Tim Jun 15 '18 at 13:11
  • Under Linux, a symlink’s permissions don’t have any effect, and chmod won’t let you change them. Under Linux, a symlink can’t not have read and execution permission for every one. – Stephen Kitt Jun 15 '18 at 13:18
  • Thanks again. (1) Under other *nix, where chmod can change permission bits of a symlink, If a symlink doesn't have read and execution permission for anyone, does it mean we can't access the linked file via the symlink? (2) Under Linux, my symlinks have lrwxrwxrwx, so read and execution for anyone. I am confused what you mean by "Under Linux, a symlink can’t not have read and execution permission for every one". – Tim Jun 15 '18 at 13:19
  • (1) Other systems I’ve looked at (macOS and FreeBSD) allow symlink permissions to be changed, but ignore those permissions; access to a directory or file via a symlink is determined by the permissions of the target, not the symlink. (2) Yes, under Linux symlinks show rwx permissions for anyone. – Stephen Kitt Jun 15 '18 at 14:25