As per the AWS documentation for postgres rds , by default postgres or admin user doesn't have superuser privileges. How to assign rdsadmin for the postgres user. Can someone help me with this?
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html
I get below error when performing superuser tasks with postgres user
ERROR: must be superuser to alter superusers
Related
I'm migrating all the role from my PostgreSQL hosted in GCE VM to Cloud SQL by generating dump file
sudo -Hu postgres pg_dumpall -U postgres --globals-only --file=globals.sql
When I import the same(globals.sql) in Cloud SQL I came across below error:
exit status 3 SET SET SET CREATE ROLE ERROR: must be superuser to alter superusers
Note:
I used postgres user to import this dump file to the cloud sql database.
I'm curious is there any other way to tackle this since postgres user does not have superuser privileges?
I tried executed one query from globals.sql file using cloud shell, below is the output:
postgres=> CREATE ROLE vipinm;
CREATE ROLE
postgres=> ALTER ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
ERROR: must be superuser to alter superusers
Thanks in advance!
The psql documentation says:
psql returns 0 to the shell if it finished normally, 1 if a fatal error of its own occurs (e.g., out of memory, file not found), 2 if the connection to the server went bad and the session was not interactive, and 3 if an error occurred in a script and the variable ON_ERROR_STOP was set.
So don't set ON_ERROR_STOP.
The error means that you cannot execute the following line from your dump:
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS;
That is fine, and you can ignore the error.
This is kind of a bug. As a non-superuser, you can't even reiterate that another role is still not a superuser, as even mentioning anything about superusers even when it would have no effect throws an error. You can get around this by creating the role in its final state, rather than doing the CREATE then ALTER dance that pg_dump likes to do.
CREATE ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
Alternatively, you could remove from the ALTER statement all the attributes that don't cause any change but merely reiterate the current state of things, leaving:
ALTER ROLE vipinm WITH LOGIN;
I'm a newbie to PostgreSQL and I'm trying to create a user/role on Postgres 11 (running on CentOS7) which is named (e.g.) "json_docs_admin" (same for password) that I can use under the OS user (e.g.) "app_user" to connect locally to the DB.
I have tried connecting to Postgres using "postgres" user and the command "psql -d template1" and ran the following commands:
template1=# create role json_docs_admin with login password 'json_docs_admin';
CREATE ROLE
template1=# create database json_docs owner=json_docs_admin;
CREATE DATABASE
template1=# GRANT ALL PRIVILEGES ON DATABASE json_docs TO json_docs_admin;
GRANT
I have changed the /var/lib/pgsql/11/data/pg_hba.conf so that local connections can be established on the server, and I've restarted the postgresql service.
Then, back under "app_user" user, when I try to connect to the database, I get the following errors:
$psql -d json_docs -U json_docs_admin
Password for user json_docs_admin:
psql: FATAL: database "json_docs" does not exist
Could anybody let me know what am I doing wrong?
Thanks.
created a postgresql instance on AWS with the username ziggy. I restored a database to that instance. however I cannot even select any of the tables
select * FROM mac_childcare_parcels
gives me ERROR: permission denied for relation mac_childcare_parcels
********** Error **********
the owner of that table belongs to the postgres login.
so i tried running this: grant all privileges on all tables in schema public to ziggy but since I am not a superuser I cannot give myself privileges so that throws a permissions error. what do I have to do to get access to the tables?
this does not work either
grant select on mac_childcare_parcels to ziggy
this query returns successful but does not let the login ziggy access the tables
GRANT USAGE ON SCHEMA public TO ziggy;
First login with superuser and provide all rds superuser access to the newly created user using a command like below
GRANT rds_superuser TO ziggy;
replace rds_superuser with your rds superuser.
You need to also GRANT USAGE on the SCHEMA, e.g.
GRANT USAGE ON SCHEMA public TO ziggy;
The superuser access is needed to run the access level queries. But as you said that access is not present then i would say copy the replica of the db which you have restored from backup and grant yourself as superuser.
then provide all needed access to any users.
I am pretty much confused about root user,super user,user and permissions! I am not able to create a database inside user "athleticu". Following are the commands I used:-
athleticu#ip-172-30-4-103:/home/ubuntu$ createdb -T template0 simple_db1
createdb: database creation failed: ERROR: permission denied to create database
athleticu#ip-172-30-4-103:/home/ubuntu$ sudo createdb -T template0 simple_db1
sudo: unable to resolve host ip-172-30-4-103
createdb: could not connect to database template1: FATAL: role "root" does not exist
Please somebody clarify my doubts and tell me what should I write!
Hey I have already solved this. What you have to do is to first login as postgres user as follows:
$ su postgres
$ psql
postgres=# alter user athleticu createdb;
ALTER ROLE
Hope it helps you :)
Type \du in psql and you will see a list of all the registered users and what type of privileges each one has.
In order to grant privileges to the user which is logged in (eg 'user1'), I had to sign out and log in using one of the superuser roles in that list (eg. 'user2'), using the following command:
psql -U 'user2' -h localhost 'database2'
where 'database2' is the name of the one that specific superuser 'user2' has privileges to.
Once you are logged in as a superuser, you can grant privileges to 'user1' by:
ALTER ROLE user1 WITH CREATEDB
or
ALTER ROLE user1 WITH SUPERUSER
Then sign in again as user1, who is now a superuser.
This blog was helpful as well as this link.
Currently, this worked for me:
sudo su postgres
psql
ALTER USER username WITH CREATEDB;
\q
exit
The root user is an account on the system independent from Postgres. There is only one root user.
A superuser is an account in Postgres with access to everything. There may be many superusers.
System accounts and Postgres accounts are different things, although unless you specify a Postgres username when you connect to the database (through utilities like psql, createdb, dropdb, or otherwise), it will use the current system user's name in hopes that there is a corresponding Postgres account with the same name. The root user does not, by default, have a corresponding account in Postgres.
When you install Postgres on *nix, it creates both a superuser named postgres and a system user named postgres.
Therefore, when you need to do something with Postgres as the built-in superuser, you have two options:
You may sudo su - postgres to become the postgres system user and execute your command (createdb, psql, etc). Because the system user has the same name as the database superuser, your command will connect as the appropriate account.
You may specify the username to execute as with the -U switch, eg psql -U postgres ....
Depending on your Postgres server's authentication settings, you may be required to enter a password with either or both connection methods.
What you can do when you have fresh installation of PostgreSQL is create your user with some rights (see createuser documentation):
my-user> sudo su - postgres -c "createuser <my-user> --createdb"
This will allow my-user to create DBs just like so:
my-user> createdb <my-db>
If you want the my-user to be able to do anything just use the --superuser flag instead:
my-user> sudo su - postgres -c "createuser <my-user> --superuser"
I got the same error and I found out that the reason was that I was trying to create a database outside of psql as a user which did not exist for postgresql. I found out about it and solved it by taking the following steps:
In my terminal I logged in as postgres user (the root user by default for postgresql) by typing sudo -u postgres psql
While inside the psql I typed \du to see all users and their privileges. I found out that I had only one user (the postgres one) and I had to create another superuser which had the same username as my Linux user (george)
I typed (still inside psql) CREATE USER george SUPERUSER; and this way I created a new super user called george.
I exited psql (by typing \q) and I was now able from outside psql, meaning from my terminal, to run created db <database name> with no issues at all.
Error ? You are trying to perform database actions( Creating Database, creating Roles) using a user that doesn't have the permission for those types of actions you are trying to perform.
solution ? Simply login to your database on the command line, i.e for PostgreSQL one will use "sudo -u postgres psql", then confirm that users specific assigned roles using the command "\du", most probably he/she doesn't have the necessary permissions to perform the actions you wanted. Then simply assign the roles you want the user to perform ,i.e create Database or simply make user "Superuser" by following along(https://chartio.com/resources/tutorials/how-to-change-a-user-to-superuser-in-postgresql/)
A fresh installation of PostgreSQL 9.3 (according to the YUM Installation manual on the PostgreSQL wiki) on CentOS 6 (64-bit) will not grant permissions to any users.
I log in to the postgres user and open psql, then I create a role for my default user:
CREATE ROLE <name> WITH PASSWORD '<password>';
and then try to grant it privileges on the default postgres database:
GRANT ALL ON DATABASE postgres TO <user>;
which gives the expected output, but the user does not have any permissions on postgres.
The output of \dp <user> is quizically empty as well. Additional testing shows that I cannot give any users permissions. However, when I try to drop a role that has been granted these nonexistent permissions, it says
ERROR: role "<user>" cannot be dropped because some objects depend on it
DETAIL: privileges for database postgres
I am at a loss. I did also check to make sure the postgres Linux user has the appropriate file permissions on the PostgreSQL data directory.
Presumably you're expecting too much of GRANT ALL ON DATABASE postgres TO <user>;
ALL in this context means that the command is equivalent to:
GRANT CREATE,CONNECT,TEMPORARY ON DATABASE postgres TO <user>;
And the way you create the ROLE, it cannot login to any database anyway (you can check this with \du).
It could if it was created with:
CREATE ROLE name WITH LOGIN PASSWORD 'pass';
or use ALTER ROLE name WITH LOGIN later on.
Starting from this, to give the user permissions to create objects in the database, other forms of GRANT should be used.