From: Tom Lane <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: BUG #19388: Failing to connect to postgres with EACCES error
Date: Fri, 23 Jan 2026 10:35:45 -0500
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>

PG Bug reporting form <[email protected]> writes:
> Running on k8s pods, I have an issue where a process cannot connect to an
> Azure Postgres server due to a permission error.
> ...
> We use standard SSL without client certificates and the running process is
> set up without a homedir for security reasons.

I'm pretty skeptical that that is a good idea, but if you are stubborn
about it you could explicitly specify "sslcert=/no/such/file" and so
on in your connection parameters. Another way is to make the HOME
environment variable point at a directory that actually doesn't exist,
rather than one that has access restrictions.

> I noticed from the postgres source code that only ENOENT & ENOTDIR are
> allowable errors but EACCES is a fail condition.
> I understand the reasoning for checking for existence of certificates, but
> can the Permission Denied error also be treated as "Can't get client certs,
> continue to try to connect without"?

No, I don't think that would be an improvement in user experience
for most people. If your cert isn't working and libpq fails to
tell you why not, debugging that could be pretty unpleasant.
If anything, I'd lean towards removing the special exception for
ENOTDIR ... I wonder why that's there.

regards, tom lane
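
Added example, not part of the message above and not libpq code: a Python pre-flight check that mirrors the errno handling discussed in the thread, so a pod can tell before connecting whether the client-certificate probe would be skipped or would fail. The default path ~/.postgresql/postgresql.crt, the function names and the keyword/value conninfo form are assumptions.

```python
import errno
import os
import tempfile

# Per the thread, only these errno values are tolerated when the client
# certificate is probed; any other stat() failure (e.g. EACCES) is fatal.
TOLERATED = {errno.ENOENT, errno.ENOTDIR}

def classify(err):
    """Map a stat() errno to the outcome described in the thread."""
    return "no-client-cert" if err in TOLERATED else "connect-fails"

def probe_client_cert(home):
    """Stat <home>/.postgresql/postgresql.crt (assumed default path).

    Returns (outcome, errno_name); errno_name is None when the file exists.
    """
    path = os.path.join(home, ".postgresql", "postgresql.crt")
    try:
        os.stat(path)
    except OSError as exc:
        return classify(exc.errno), errno.errorcode.get(exc.errno, str(exc.errno))
    return "cert-found", None

def preflight_conninfo(conninfo, home):
    """Append the sslcert workaround from the reply when the probe would be fatal."""
    outcome, _ = probe_client_cert(home)
    if outcome == "connect-fails" and "sslcert=" not in conninfo:
        return conninfo + " sslcert=/no/such/file"
    return conninfo

def demo():
    """Constructed cases: missing HOME (ENOENT) and HOME that is a file (ENOTDIR)."""
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "nonexistent-home")
        not_a_dir = os.path.join(tmp, "home-is-a-file")
        open(not_a_dir, "w").close()
        return probe_client_cert(missing), probe_client_cert(not_a_dir)

if __name__ == "__main__":
    print(demo())
    print("EACCES ->", classify(errno.EACCES))
    print(probe_client_cert(os.environ.get("HOME", "/")))
```

Running it inside the affected container with the same user and HOME as the application shows which errno the probe hits; a "connect-fails" outcome is the case the two workarounds in the reply address.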