[Ach] postgresql diff

Berg San bs at cyontris.eu
Tue Nov 26 19:22:27 CET 2013 

On 11/26/2013 08:54 AM, christian mock wrote:
>
> One minor thing:
>
>> +To start in SSL mode the server.crt and server.key must exist in the server's data directory \$PGDATA.
>> +Don't forget to set the right permission (0600) to your server.key.
>
> What user must the key belong to? "postgres" or "root"?

postgres

> (Also, but that's a personal preference, I set my key file permissions
> to 0400 to prevent me from accidentally messing with them)

We have never mentioned the file permissions of the key and crt files 
for the other services.

Therefore I've deleted the sentence.
-Don't forget to set the right permission (0600) to your server.key.

I've also added the section how to test and tested with version.

Diff is attached.

> cm.

Cheers
Berg

-------------- next part --------------
diff --git a/src/practical_settings/DBs.tex b/src/practical_settings/DBs.tex
index 191145a..fba39e8 100644
--- a/src/practical_settings/DBs.tex
+++ b/src/practical_settings/DBs.tex
@@ -14,7 +14,7 @@
 \subsubsection{MySQL}
 
 \begin{description}
-\item[Tested with Version:] with Debian 7.0 and MySQL 5.5
+\item[Tested with Version:] Debian 7.0 and MySQL 5.5
 
 \item[Settings:] \mbox{}
 
@@ -67,9 +67,7 @@ show variables like '%ssl%';
 \subsubsection{Postgresql}
 
 \begin{description}
-\item[Tested with Version:]
-
-\todo{version?}
+\item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1
 
 \item[References:]
 
@@ -83,7 +81,6 @@ Just change X.X with your preferred version e.g. 9.1
 
 
 To start in SSL mode the server.crt and server.key must exist in the server's data directory \$PGDATA. 
-Don't forget to set the right permission (0600) to your server.key. 
 
 Starting with version 9.2, you have the possibility to set the path.
 
@@ -104,9 +101,10 @@ ssl_ciphers = 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLI
 
 
 \item[How to test:]
-
-\todo{write this}
-% describe here or point the admin to tools (can be a simple footnote or \ref{} to  the tools section) which help the admin to test his settings.
+To test your ssl settings, run psql with the sslmode parameter:
+\begin{lstlisting}[breaklines]
+psql "sslmode=require host=postgres-server dbname=database" your-username
+\end{lstlisting}
 
 \end{description}

More information about the Ach mailing list