“I’m getting permissions errors when installing/running initdb”

The PostgreSQL wiki has a helpful section on Common Installation Errors:

Make sure the PostgreSQL service account has permissions on the directories leading up to the one you have installed into. The installer will set permissions on the install directory but not on parent directories of it.

You may also see related errors show up as The database Cluster initialisation failed during the One Click installer. Check your install-postgresql log but it is usually related to permission errors. The following thread may help,


Or alternatively, you can fix up the directory permissions and then manually restart the initcluster.vbs script like this for v9,

cscript //NoLogo "<install_path>/installer/server/initcluster.vbs" "postgres" "postgres" "<password>" "<install_path>" "<data_path>" 5432 "DEFAULT"

The recommended fix is basically ‘do the installer’s job yourself’. The install script, initcluster.vbs, is pretty broken. It tries to use the icacls utility to set the correct permissions, but uses the wrong syntax. On my machine, the script invokes the command:

icacls "C:\Program Files\PostgreSQL\9.1" /grant Sco:(RX)(NP)

The command fails with the following error:

Invalid parameter "Sco:(RX)(NP)"

From the icacls documentation:

Perm is a permission mask that can be specified in one of the following forms:

  • A sequence of simple rights:

    • F (full access)
    • M (modify access)
    • RX (read and execute access)
    • R (read-only access)
    • W (write-only access)
  • A comma-separated list in parentheses of specific rights:

    • D (delete)
    • RC (read control)
    • WDAC (write DAC)
    • WO (write owner)
    • S (synchronize)
    • AS (access system security)
    • MA (maximum allowed)
    • GR (generic read)
    • GW (generic write)
    • GE (generic execute)
    • GA (generic all)
    • RD (read data/list directory)
    • WD (write data/add file)
    • AD (append data/add subdirectory)
    • REA (read extended attributes)
    • WEA (write extended attributes)
    • X (execute/traverse)
    • DC (delete child)
    • RA (read attributes)
    • WA (write attributes)

Inheritance rights may precede either Perm form, and they are applied only to directories:

  • (OI): object inherit
  • (CI): container inherit
  • (IO): inherit only
  • (NP): do not propagate inherit

Inheritance rights precede perms, and simple perms do not require parentheses. So, the syntactically correct parameter is Sco:(NP)RX.
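As an added example (not part of the original post or of the PostgreSQL installer), the ordering rule above can be checked before a script hands a grant argument to icacls. The checker follows the grammar quoted on this page and is not icacls's own parser; the name check_grant is hypothetical, and accepting a simple right inside parentheses is an assumption.

```python
import re

# Rights and flags as listed in the quoted icacls documentation.
SIMPLE = {"F", "M", "RX", "R", "W"}
SPECIFIC = {"D", "RC", "WDAC", "WO", "S", "AS", "MA", "GR", "GW", "GE", "GA",
            "RD", "WD", "AD", "REA", "WEA", "X", "DC", "RA", "WA"}
INHERIT = {"OI", "CI", "IO", "NP"}
TOKEN = re.compile(r"\(([^()]*)\)|([A-Za-z]+)")  # "(...)" group or bare letters
BARE_PERM = re.compile(r"(?:RX|F|M|R|W)+")       # sequence of simple rights


def check_grant(arg):
    """Return (ok, detail) for an '<account>:<perm>' argument (hypothetical helper)."""
    account, sep, spec = arg.partition(":")
    if not (account and sep and spec):
        return False, "expected <account>:<perm>"
    flags, perms, misplaced, pos = [], [], [], 0
    while pos < len(spec):
        m = TOKEN.match(spec, pos)
        if not m:
            return False, f"cannot parse {spec[pos:]!r}"
        pos = m.end()
        group, bare = m.group(1), m.group(2)
        if group is not None and group.upper() in INHERIT:
            # An inheritance flag seen after a perm is in the wrong place.
            (misplaced if perms else flags).append(f"({group.upper()})")
        elif group is not None:
            rights = [r.strip().upper() for r in group.split(",")]
            if not all(r in SIMPLE | SPECIFIC for r in rights):
                return False, f"unknown right in ({group})"
            # Assumption: a lone simple right may be parenthesised; emit it bare.
            perms.append(rights[0] if rights[0] in SIMPLE and len(rights) == 1
                         else f"({','.join(rights)})")
        elif BARE_PERM.fullmatch(bare.upper()):
            perms.append(bare.upper())
        else:
            return False, f"unknown right {bare!r}"
    if len(perms) != 1:
        return False, "expected exactly one permission mask"
    if misplaced:
        fixed = f"{account}:{''.join(flags + misplaced)}{perms[0]}"
        return False, f"inheritance flags must precede the permission; try {fixed}"
    return True, ""


if __name__ == "__main__":
    for arg in ("Sco:(RX)(NP)", "Sco:(NP)RX"):  # the two forms from the post
        print(arg, "->", check_grant(arg))
```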

Almost makes me want to use SQL Server Express instead. But I’ll sleep on it now and persevere tomorrow.

