Monday, March 14, 2011

Postgres: error while loading shared libraries... permission denied


A new installation of PostgreSQL 9.0.3 running on Linux Server 5.4 does not seem to be running: applications are not able to access it.  You check the status of the Postgresql-9.0 service and see the following:
/opt/PostgresPlus/9.0SS/bin/pg_ctl: error while loading shared libraries:
/opt/PostgresPlus/9.0SS/bin/../lib/ cannot restore segment prot after reloc: Permission denied
You'll resolve this error in three distinct steps: 1) perform status check; 2) implement a temporary fix; and 3) implement a permanent fix.  You will be shown how to perform each step both from the command line and using the appropriate GUI tool.


Step 1: Perform Status Checks

This problem is likely due to the Linux Server's SELinux Current Enforcing Mode property being set to Enforcing. First let's run a few checks to see if this might be the case.  Open a terminal, and then enter each of the following commands:
$ /usr/sbin/getenforce
$ /usr/sbin/sestatus
If the SELinux is running, and the Current Enforcing Mode property is set, you should see something like the following after running each of these commands:

You can also do this step by using the SELinux Management GUI tool.  From the System menu go to Administration and then select SELinux Management:

The SELinux Administration tool window appears.

The Current Enforcing Mode property setting will be displayed.  This completes status check.  Next, let's implement a temporary fix to get integrated applications up and running quickly.

Step 2: Implement Temporary Fix

Temporarily disable enforcement, and then check the status of this property once again.  At the prompt, enter the following commands:
$ /usr/sbin/setenforce 0
$ /usr/sbin/getenforce
You should see something like the following after running each of these commands:

Or, if you would rather use the GUI, on the SELinux Administration tool, just change the Current Enforcing Mode property setting from Enforcing to Permissive, like so:

Close the SELinux Administration tool. 

Next, restart the Postgresql-9.0 service.  From the terminal prompt, enter the following command:
$ service postgresql-9.0 start
You should see something like that shown below:

If you want to do this from a GUI, then from the System menu, go to Administration, and then select Services.  The Service Configuration window appears.

Scroll the left list pane down until you see the postgresql-9.0 service.  When you see this service, select it.  Now look at the right Status pane.  The current status information associated with the selected service appears there.  You should see something like that shown in the figure below:

Click on the Start button just above the service list pane on the left.  After a few moments, an information prompt will appear indicating successful startup:

And if you look in the Status pane again, you'll see a new message:

Step 3: Implement Permanent Fix

At this point, your PostgreSQL instance is up and running and accessible by your other integrated applications.  However, should the Linux server hosting this instance be shutdown and restarted, you'll go through all of this all over again.  To implement a permanent fix, you'll need to edit the SELinux Config file.  Enter the following commands:
$ gedit /etc/selinux/config
The gedit text editor opens to the SELinux Config file.  Note the setting of the SELINUX property.

Change the setting of the SELINUX property from enforcing to permissive, like so:

Save and exit gedit.  That's it.  You're done.  As a final test, reboot the system, and then check postgresql-9.0 service status: this time it will be running after a reboot.

  • To check the status of a service from the command line:
    • $ service [servicename] status
    • $ ps -ef | grep [servicename]
  • If you need to enforce SELinux policy consistently then consider implementing a selective SELinux policy.

No comments: