I have a windows install of postgres 12.6-1 installed at port 6432. I have installed a newer version at port 9432 to test the database against our application.
Firstly I tried to dump globals from the 12 to sql, and install the user list into the 13. This was a disaster as all the users including the superuser now were inaccessible.
So I read the release notes, and it say to use pg_upgrade. After a lot of pain, I get it to run, but it appears to have just run the pg_dumpall like I did.
pg_upgrade failed at the point of generating databases as the local super user, because the user load has damaged the passwords and now the database cannot be accessed again.
I have checked the SQL output from the PG_DUMPALL command with and without --binary-upgrade, and it appears to be identical in it's generation of MD5 hash data from the database.
Do I need another tool?
An I doing something wrong?
The 13 database is empty, so any drastic action would be ok.
The ED 13 installation defaults the pg_hba.conf encryption to scram-sha-256. If you have loaded passwords with this encryption, keep it. If you (like me) unknowingly loaded md5 encrypted passwords, just change the encryption to md5 on the lines for pg_hba.conf and restart postgres.
If you wish to keep the scram-sha-256 encryption level, Then I suspect there is no alternative but to edit the pg_dumpall output and change the syntax to plain text password entry, and reset the passwords on the new db. I know this works because I just tried loading a sample of the file with plain text password, and was able to log in as the new user.
Thanks to Adrian Klaver and jjanes.
Related
I've been having a bit of trouble trying to install PostgreSQL 14 for the first time.
I would like to apologize in advance if this question has been asked in the manner that I am about to ask it, but I do not think it has. If it has been, please direct me to the appropriate location!
I've done a fair amount of Googling on the matter, and all the information that I find seems to be rather fragmented, or I end up following a spaghetti trail of hyperlinks (a la-do-this-and-follow-this-other-link-with-more-information-than-you-need-to-understand-this-other-required-portion).
Personally, I don't want to jump around to 50 different locations on the web to try and conjure up a piecemeal solution that I believe works, only to be proven wrong later. I want to know what to do and why it works. I've tried reading the documentation, and have given up on it, because to me, it seems to assume that the server has already been set up by a database administrator.
Instead of articulating my problem directly (as I seem to be having more trouble than I would like by trying to do so), I believe it would be easier to articulate my problem indirectly by stating what my expectations would be after installing PostgreSQL for the first time.
So to start, I will mention that I'm running Ubuntu 18.04.6 LTS, and am installing PostgreSQL 14.1 with the following command:
sudo apt install postgresql-14
Before continuing, I would like to add a side note in advance, that I do not want suggestions for an alternative OS or install method. I just want to be able to get "up and running" in a common-sense fashion from this exact point.
Moving on, I know that the aforementioned command creates a *nix user called postgres.
From here, I can now indirectly state my problem using an outline of what my goals and expectations are immediately after installing the software via that command.
After installing PostgreSQL via apt, these are my expected goals:
I want any client to be able to connect to the database server from any computer where a route exists from the client to the server.
For the sake of simplicity with these stated goals, when it is directly or implicitly stated that I am trying to connect a client to the database server, I am making the assumption that the client is able to, at a minimum, ping the machine that the server is running on, and vice versa.
For now, I'm not completely worried about the database being accessible from the public Internet.
I expect to be able to access the database from any computer on my LAN, whether it is an actual LAN, or some sort of logical LAN (like a WAN or a VPN).
If I change the PostgreSQL password of the postgres user, I expect that any client logging into the database server via the postgres user will require the password.
This means if I want to change the password to some_password via \password postgres or ALTER USER postgres WITH PASSWORD 'some_password'; (I am assuming this is how you change the login password of a PostgreSQL user), then...
I expect running psql [-h host] -U postgres -W from any host...
That when I am prompted to enter the password...
I can only log in by entering the exact password of some_password.
Entering any other arbitrary text for the password should not allow me to log in.
I am adding this as a requirement because previous install attempts have shown me that this is NOT the case.
I expect to be able to create a PostgreSQL user account other than postgres (e.g. db_user) with a password and have it be subject to the same requirements as the postgres user.
i.e. once the new account is given permission to log in, the same common-sense login requirements to log in must be imposed, i.e. you can't get in if you don't have the correct username/password combination.
If the process to achieve the aforementioned can be explained in such a way that it can be understood with minimal mental friction, I would be extremely grateful.
Feel free to assume that my knowledge is on par with that of a undergraduate CS student who just completed their first year of university, who also understands Linux filesystems and basic computer networking. I just want the answer to be as accessible to as many people as possible, as I am sure I'm not the only person who has struggled with installing PostgreSQL, in spite of having a power user's level of computer literacy.
sudo apt install postgresql
sudo -u postgres psql
Set a password for this user with \password or the other method you mention
sudo vi /etc/postgresql/10/main/pg_hba.conf
Make the only uncommented nonblank line in this file be host all all all md5
sudo vi /etc/postgresql/10/main/postgresql.conf
uncomment listen_addresses line and set it to '*'
sudo service postgresql restart
When you make a new user, you should also make a new database which has the same spelling as the user does. Otherwise you will need to specify the database name when you try to log in with psql -U, such as psql -U newname -d postgres -h[hhh]. Should you actually be running 14 not 10, then you will need to change the paths of the config files you need to edit accordingly.
I am using postgresapp for the PostgreSQL and without password I was able to connect to the database and perform operations. I am curious to learn about the password. Also I use Postico as Interface. Open to any suggestions.
The default for Postgres.app is to have no password and set trust-level authentication in pg_hba.conf. To change this, you need to do the following:
Alter the IP address and mask for host all all 127.0.0.1/32 trust as needed in pg_hba.conf, and change authentication method from trust to password or md5 (or whatever your requirements are)
Set the password for the desired user(s) with ALTER USER <username> WITH PASSWORD '<password>';
Reload the conf with SELECT pg_reload_conf()
Note your pg_hba.conf file is usually located in ~/Library/Application Support/Postgres/var-12 -- the sure-fire way to know is by querying SHOW data_directory in your psql prompt
Postgres.app is a great way to get Postgres running on macOS in a few minutes. It ships with a default user name and password, and they you're on your own. Postgres.app is a nicely compiled version of Postgres that you can run by double-clicking, you'll need other tools (and knowledge) to take advantage of Postgres. As you'll have noticed, the UI for Postgres.app is pretty much a few buttons to configure a server, and to give you shortcuts to the logs, configuration files, and data.
If you want to use psql (as mentioned), or any of the other command line tools, they're embedded in the application's package. Right-click, open the package, open Contents, open Versions, open the version you use, and look in bin.
If you want a GUI tool, there are many options. Since you say Postgres.app, I'll assume macOS. You've found Postico, SQLPro for Postgres is good, TablePlus is also good. Those tools have fairly uncluttered UIs. If you want or need more features, pgAdmin has a whole lot to offer, and it's free. I end up using Navicat a lot, even though it has a UI that screams "Look Ma! I wrote it in Java!" It gets a lot done. I'd say that day-to-day on macOS, I use SQLPro most. But, really, it's largely a matter of taste. psql is quite powerful, and you'll find no short of help for that.
In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
As I attempt to create my initial user account on postgresql, I am prompted for my password, though when I enter the correct one I recieve:
createdb: could not connect to database template1: FATAL: password authentication failed for user "thomasmurphy"
I am installing through brew. My thought is that somewhere along the line I've set a password different from my system one. How do I remove all users so I can reset this pass.
I get my permission denied even if I su to postgres. I have gone through every thread on stackoverflow on this issue, and have tried:
*modifying my pg hba_conf
*updating my gems and developer tools
*running brew doctor
*reinstalling postgres
*all the other command line ideas through the thread
My situation seems to not have cropped up before, which convinces me I've set a password at some point that is now tripping all of my attempts. Adding to this theory is that I have a postgres setup on my work computer, also on mavericks, function perfectly.
Note that unless you changed defaults, homebrew installs Postgres with you as the superuser rather than as the postgres user. The issue might be that you're trying to use postgres "as normal" whereas it doesn't need or event want the usual postgres user references.
You see the list of users on the system using cat /etc/passwd, and you can change an arbitrary password by running chpass as root.
I am working on an open source application that has PostgreSQL as its default DBMS. Now when I install it on my system, its configuration is so that PostgreSQL also gets installed with it.
My problem is with getting access to the installed PostgreSQL database. The database that gets created during installation is named iviewdb.
I read at many forums that the default superuser is postgres, but when I try to get access to the database using this username through a command prompt, it prompts me for password that I don't have.
I wanted to know from where in the PostgreSQL installation directory
the default username and password with the port number to access the database is stored. I have even tried changing the pg_hba.conf file, but that creates a problem with the application and it won't start then.
How can I find the password for this database? I am working in a Windows environment.
The password isn't stored in an easily recoverable manner, and if you change the password, the application may not be able to access the database properly. You may find the password in the application settings or documentation, though.
If you decide to risk changing the postgres user's password, stop the application and PostgreSQL service, and then edit pg_hba.conf. Add (or change if it already exists) a line (if it doesn't exist, add it before any other "host...." lines):
host all all 127.0.0.1/32 trust
And restart the PostgreSQL service. That should give you access from localhost, where you could change the postgres user's password, or add yourself another user with the permissions you want. Then set the pg_hba.conf file back the way it was and restart.
I've encountered this similar problem, and I noticed that the default being set for PostgreSQL upon installation in my case is as follows:
username = postgres
password = ' '