CentOS 7 pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied

Question

PostgreSQL 10.6 and CentOS 7

pg_ctl status
pg_ctl: could not access directory "/var/lib/pgsql/data": Permission denied`

Wouldn't pg_ctl have access to this, given /var/lib/pgsql/data has ownership postgres:postgres?

drwx------   3 postgres postgres   94 Nov 14 06:43 pgsql

How can I fix this without creating a vulnerability? Why is this throwing an error?

Additional info (edit):

su - postgres
cd /var/lib
/var/lib/pgsql: drwx------  3 postgres postgres   94 Nov 14 06:43 pgsql
/var/lib/pgsql/10: drwx------ 4 postgres postgres  33 Nov 14 06:38 10
/var/lib/pgsql/10/data:  drwx------ 20 postgres postgres 4096 Nov 15 03:47 data

Answer 1

In UNIX, each process runs with the permissions of the user that starts the executable, not the owner of the executable (unless the SETUID flag is set).

So it doesn't matter who owns pg_ctl, but you have to be user postgres when you run it.

Answer 2

This needs few troubleshooting steps to pinpoint the real issue.

1. Find out the user/owner and files permissions for that location in Linux:

Ls - al /var/lib/pgsql/data/

ls - al /var/lib/pgsql/

2. Try to change to the postgres user and access the directory in 1

   # su - postgres

Following links should fill in blanks for few steps to check things out. On #2 link, you aren’t moving the dir, but you see steps to ensure dir is ready/accessible

https://wiki.postgresql.org/wiki/First_steps

https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-16-04

Update

From comments, it looks like pg ctl is run as user x... and lacks sufficient permissions

Without knowing much about your environment, it may be better to let postgres be that user who runs pg ctl since it’s already doing stuff related..