HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlModerate

Postgres seems to ignore listen_addresses setting

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
ignorepostgresseemssettinglisten_addresses

Problem

I'm trying to DISABLE remote client access on my Postgres 9.5.7 database (running Ubuntu 16.04).

I made what I thought are the correct changes (see below) to no avail. I can think of two reasons why my changes wouldn't work:

  • I'm editing the wrong file



  • I'm not restarting the service properly



I thought I ruled these out, but remote clients can still talk. So what am I missing?

Actually, what I'm trying to do is revert my changes that enabled remote client access on so I can capture those changes and re-apply them with our salt stack. Before I start running deployment tests via salt I want to know that remote access is disabled so that I can be confident that my salt stack is making the changes.

Some data

I'm starting postgres using the same config file I'm editing (ps output reformatted for readability)

postgres@testweb:~$ ps -eaf | grep bin/post
postgres [snip] /usr/lib/postgresql/9.5/bin/postgres 
                -D /var/lib/postgresql/9.5/main 
                -c config_file=/etc/postgresql/9.5/main/postgresql.conf


postgres is configured to listen on the localhost port only (this was '*' earlier)

postgres@testweb:~$ grep listen_addresses /etc/postgresql/9.5/main/postgresql.conf
listen_addresses = 'localhost'      # what IP address(es) to listen on;


Host-based auth is set to localhost. This shouldn't matter if I'm DISABLING access, correct? My understanding is that if listen_addresses='localhost' then remote client access will not work.

postgres@testweb:~$ grep ^host /etc/postgresql/9.5/main/pg_hba.conf
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5


I'm editing the correct config files, yet listen_addresses claims *

```
postgres@testweb:~$ sql
psql (9.5.7)
Type "help" for help.

postgres=# show config_file;
config_file
------------------------------------------
/etc/postgresql/9.5/main/postgresql.conf
(1 row)

postgres

Solution

Look at the postgresql.auto.conf file in your $PGDATA.

If someone uses the ALTER SYSTEM command to change the settings, you will find the value there.

postgresql.auto.conf is read after postgresql.confand each setting put in this file overwrite those in postgresql.conf...

It's worth giving a look...

Context

StackExchange Database Administrators Q#180177, answer score: 11

Revisions (0)

No revisions yet.