Postges command exection without password - postgresql

I want to use rundeck to allow app user to reset their own password without admin access.
So I would like to execute this type of command:
export PASSFILE=/usr/pgsql-13/.pgpass ; /usr/pgsql-13/bin/psql -h hostname -U postgres -c """alter user ${job.username} PASSWORD '${option.Password}';"""
But the script fails because postgres ask for password
Any one have a workaround? The postgres DB is not a classic DB but aws aurora DB, so I don't have access to pg_hba file
Many thanks

If you want to use interactive commands on Rundeck you can use expect command, in that way you can "wrap" your command to "answer" any interactive command "question", that was answered here.

The environment valuable is called PGPASSFILE.
An alternative and simpler way is to specify the passfile connection parameter:
/usr/pgsql-13/bin/psql 'host=hostname user=postgres passfile=/usr/pgsql-13/.pgpass' -c "alter user ${job.username} PASSWORD '${option.Password}';"
You can also use the password parameter to specify the password in the connect string.

Related

What should the flow be for 'psql' command? Windows command line

I can access psql with 'psql -U postgres' followed by the password, but I can't access my defined user with the same 'psql -U definedUser' it just says 'definedUser isn't a database'.
Just to clarify.
How do I log in as a predefined user?
How do I quickly access psql from the command line?
Okay, I think I've figured it out. This comment is what swung it.. Very succinct and easy to solve. If the user has been created successfully, by default when you log in with said user psql attempts to find a database of the same name if it doesn't you get an error like 'desiredUsername isn't a database'.
You need to add the database name after the chosen username
psql -U desiredUsername desiredDatabase
https://stackoverflow.com/a/21827460/15592981

Automating a PG_DUMP of a PSQL database on Heroku

I'm trying to pg_dump certain schemas from my Heroku-hosted PSQL database into a local file.
Heroku provides me a DATABASE_URL in the form
# postgres://username:password#host:port/database
postgres://abcde:wxyz#ec2-21-82-72-112.compute-1.amazonaws.com:5762/riza3dj029012
Based on the above I tried dumping some schemas -
> pg_dump --username=abcde --host=ec2-21-82-72-112.compute-1.amazonaws.com --port=5762 --dbname=riza3dj029012 --create --schema=my_schema --password > ~/pg_dump.dmp
> password: (enter password)
Is there any way to provide the password as a flag so I don't have to type it in manually? I want to automate this in a script.
I know --no-password exists, but not sure what use that is, because it just prevents prompting for a password and then authentication (obviously) fails.
Thanks!
As #eabates mentioned in the comments you can create a .pgpass file for this purpose. More info can be found in the official documentation for Postgres: https://www.postgresql.org/docs/9.5/static/libpq-pgpass.html
Just create a file named .pgpass in the user home directory with as many lines as needed in the following format:
hostname:port:database:username:password

.pgpass with AWS RDS

I need to run multiple commands on an AWS Postgres RDS instance I have. I don't want to enter the password each time. I'm trying to use the .pgpass file but I'm running into errors. The first time I ran into an error which said 'role "ubuntu username" does not exist'. I logged in as the postgres user and created that username. After this, the error I get said database does not exist. I have a feeling these errors have nothing to do with trying to connect to the AWS RDS instance.
psql --host=<awshost> --port=5432 --username=<awsrdsusername> --password --dbname=<dbname asks for a password and then logs me in after I enter it. Now I put a file in /home/<ubuntuusername> called .pgpass which has <awshost>:5432:<dbname>:<awsrdsusername>:<password>. Permissions for this file are set to 0600. Now when I run psql from the terminal and that produces the error - psql: FATAL: role "<ubuntuusername>" does not exist. These steps are as outlined on this page.
Can someone help me with the steps to get a pgpass file to connect to an AWS RDS instance?
.pgpass doesn't provide connection information. You seem to expect that after you create a .pgpass file, you can run psql without arguments and it'll know where to connect. That is not the case.
The hostname, port, etc you put in .pgpass are there so that PostgreSQL knows which line to look at when matching the connection info to find its password.
If you had to run:
psql -h something
to connect without a .pgpass file, you still have to run the same thing to connect with a .pgpass file.
If you run psql without arguments it'll connect to the local PostgreSQL (if any), using the current unix username as the postgresql username and the database to connect to. That's why you get the error you do.
If you want to change the default connection, you can use environment variables like PGHOST, PGPORT, etc, and/or a .pgservice.conf file.
See the manual to learn more.

PostgreSQL 9.4, 64-bit windows: Unable to create user from commandline

I'm trying to create a user from command line using PostgreSQL version 9.4 on a 64 bit machine with windows.
I'm using the below command to create a new user:
createuser -d temba
On executing the above command, it prompts me for a password.
I enter the password (qwerty) which i used while installing PostgreSQL. on doing so, i get the below error:
psql: FATAL: password authentication failed for user "my-windows-user-name"
Next, i tried giving my login password for windows, i get the same error as above.
Can anyone guide me through the procedure for creating a new user from command line (only, I'm not allowed to use PgAdmin to create user).
I have checked previous posts with similar errors. But the problem there is, either they are not using windows or they are using a really old version of PostgreSql.
Any information on how to proceed about with this shall be really helpful.
Thanks in advance.
All Postgres command line tools try to connect to the database using the current operating system user if no database user is specified.
So you need to specify the user name of the Postgres superuser that is used to connect to the Postgres server:
createuser -U postgres -d temba
This becomes more evident if you use psql instead. You specify the Postgres user account and the target database when you start it:
psql -U postgres -d temba
Then at the prompt you can run create user ....
temba=# create user foobar ... ;
Which is what the command line tool createuser is doing in the background.

fabric postgres password in command

I have a fabric script that dumps database on server. And I can use it on multiple servers with the PostgreSQL database. The command is simple:
sudo("su postgres -c \"PGPASSWORD=%s pg_dump %s > /tmp/telemedia_newdb\""
% (HOST_SOURCE_DB_UPASS,HOST_SOURCE_DB))
But sometimes, Postgres does not ask for a password at all ...
Will this command fail without a password prompting from Postgres? (Or I know that it will not prompt and HOST_SOURCE_DB_UPASS=''). I want THIS code to work with or without password.
It all depends on how you set up access to your database in pg_hba.conf. There is a separate config file per database cluster (effectively per port) and settings can be different from database to database.
So, yes, if you have set it up that way, then the system user postgres will have password-less access to some databases but is prompted to enter a password for others. The default is that the system user postgres has password-less access to every database as database user of the same name (postgres).
If you provide a password in the command with the environment variable PGPASSWORD, but no password is needed, it will be ignored silently.
However, I quote the manual here:
PGPASSWORD (...) Use of this environment variable is not recommended for security reasons.
You can use a password file to provide passwords automatically (.pgpass on Unix systems). pg_dump will use it.
Finally, consider the command line options:
--no-password
--password
to force pg_dump to either prompt or not prompt for a password. If a password is required but disabled by --no-password, pg_dump will fail.
I would enable password-less access for the system user postgres to every database in the config file pg_hba.conf. Use peer or ident authentication methods. Then you don't have to provide a password and the script will always work:
local all postgres ident
Your script would be simplified to (untested):
sudo("su postgres -c \"pg_dump %s > /tmp/telemedia_newdb\"" % (HOST_SOURCE_DB))