I'm trying to create a new user in PostgreSQL installed on Ubuntu 20.04:
$ sudo -u postgres createuser --superuser tommy
But when I try to create a database with that user it says unknown user:
$ sudo -u tommy createdb tommy_db
sudo: unknown user: tommy
sudo: unable to initialize policy plugin
The think is that I already know that there are UNIX users and PostgreSQL users and I don't know if I have to create first a UNIX user tommy or not.
I would like to take advantage of the post and ask what is the difference between a postgreSQL user and a UNIX user in postgreSQL in terms of database management.
PD: If I list the users using /du in plsql I can see the created user tommy:
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
tommy | Superuser, Create role, Create DB | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
Your system is probably using simple "peer" authentication by default. That is a common default for Linux-based package managers to use when they create a database for you.
To keep using that set up, then you yes you will need to set up "tommy" as a Linux user. Or, you will have to edit pg_hba.conf to pick a different method, like md5 (password) or gss (kerberos), or to add an ident map along with "peer" to describe which OS users are allowed to log in as which database users.
The only connection between the Linux user and the PostgreSQL user is the one created by the use of peer authentication.
Be sure to be logged as a root user by using sudo su or sudo -i
So that's likely part of the problem - when you use sudo -u postgres from the root account, it's trying to access root's home directory as the non-root user postgres.
That should work pretty well.
Related
I am new to technologies , please do not judge my question too strong :).
I installed in My Ubuntu 18.04 PostgreSQL 10.7. To be able to enter my DB I need to enter the following commands from my terminal. sudo -u postgres psql.
Is there any shortened way where I can connect it from my Ubuntu User account. For example. if I input psql it will open database environment where I can type PostgreSQL commands.
Thank you.
Just execute this command in your terminal :
alias psql='sudo -u postgres psql'
So the next time, you input psql and execute, you will be in database environment.
I see two options:
1) Create alias for this command sudo -u postgres psql .
2) Go to psql and create new superuser and database for it:
CREATE ROLE username SUPERUSER;
ALTER ROLE username WITH LOGIN;
CREATE DATABASE username;
You shouldn't be using the superuser account for your normal database work. That is as if you were using root for everything in Linux.
You need to create a regular user with the privileges to create or modify tables in your database. This can be done by granting the user all privileges on the database (which is not the same as making that user a superuser) or make that user the owner of that database.
As documented in the manual psql tries to connect to a database with the name of the current Linux user and with a database user with the name of the current Linux user. So if you want to keep things simple create a user with your regular Linux user's name and an database that is owned by that user:
create user rob password 'somepassword';
create database rob owner = rob;
Assuming your Linux user is rob, then all you need to do is:
psql
and you are connected to a database where you can create and manage tables.
Depending on how you installed Postgres, you might need to adjust pg_hba.conf to allow rob to log in directly.
Again: please do NOT use the superuser account for your normal work.
I am pretty much confused about root user,super user,user and permissions! I am not able to create a database inside user "athleticu". Following are the commands I used:-
athleticu#ip-172-30-4-103:/home/ubuntu$ createdb -T template0 simple_db1
createdb: database creation failed: ERROR: permission denied to create database
athleticu#ip-172-30-4-103:/home/ubuntu$ sudo createdb -T template0 simple_db1
sudo: unable to resolve host ip-172-30-4-103
createdb: could not connect to database template1: FATAL: role "root" does not exist
Please somebody clarify my doubts and tell me what should I write!
Hey I have already solved this. What you have to do is to first login as postgres user as follows:
$ su postgres
$ psql
postgres=# alter user athleticu createdb;
ALTER ROLE
Hope it helps you :)
Type \du in psql and you will see a list of all the registered users and what type of privileges each one has.
In order to grant privileges to the user which is logged in (eg 'user1'), I had to sign out and log in using one of the superuser roles in that list (eg. 'user2'), using the following command:
psql -U 'user2' -h localhost 'database2'
where 'database2' is the name of the one that specific superuser 'user2' has privileges to.
Once you are logged in as a superuser, you can grant privileges to 'user1' by:
ALTER ROLE user1 WITH CREATEDB
or
ALTER ROLE user1 WITH SUPERUSER
Then sign in again as user1, who is now a superuser.
This blog was helpful as well as this link.
Currently, this worked for me:
sudo su postgres
psql
ALTER USER username WITH CREATEDB;
\q
exit
The root user is an account on the system independent from Postgres. There is only one root user.
A superuser is an account in Postgres with access to everything. There may be many superusers.
System accounts and Postgres accounts are different things, although unless you specify a Postgres username when you connect to the database (through utilities like psql, createdb, dropdb, or otherwise), it will use the current system user's name in hopes that there is a corresponding Postgres account with the same name. The root user does not, by default, have a corresponding account in Postgres.
When you install Postgres on *nix, it creates both a superuser named postgres and a system user named postgres.
Therefore, when you need to do something with Postgres as the built-in superuser, you have two options:
You may sudo su - postgres to become the postgres system user and execute your command (createdb, psql, etc). Because the system user has the same name as the database superuser, your command will connect as the appropriate account.
You may specify the username to execute as with the -U switch, eg psql -U postgres ....
Depending on your Postgres server's authentication settings, you may be required to enter a password with either or both connection methods.
What you can do when you have fresh installation of PostgreSQL is create your user with some rights (see createuser documentation):
my-user> sudo su - postgres -c "createuser <my-user> --createdb"
This will allow my-user to create DBs just like so:
my-user> createdb <my-db>
If you want the my-user to be able to do anything just use the --superuser flag instead:
my-user> sudo su - postgres -c "createuser <my-user> --superuser"
I got the same error and I found out that the reason was that I was trying to create a database outside of psql as a user which did not exist for postgresql. I found out about it and solved it by taking the following steps:
In my terminal I logged in as postgres user (the root user by default for postgresql) by typing sudo -u postgres psql
While inside the psql I typed \du to see all users and their privileges. I found out that I had only one user (the postgres one) and I had to create another superuser which had the same username as my Linux user (george)
I typed (still inside psql) CREATE USER george SUPERUSER; and this way I created a new super user called george.
I exited psql (by typing \q) and I was now able from outside psql, meaning from my terminal, to run created db <database name> with no issues at all.
Error ? You are trying to perform database actions( Creating Database, creating Roles) using a user that doesn't have the permission for those types of actions you are trying to perform.
solution ? Simply login to your database on the command line, i.e for PostgreSQL one will use "sudo -u postgres psql", then confirm that users specific assigned roles using the command "\du", most probably he/she doesn't have the necessary permissions to perform the actions you wanted. Then simply assign the roles you want the user to perform ,i.e create Database or simply make user "Superuser" by following along(https://chartio.com/resources/tutorials/how-to-change-a-user-to-superuser-in-postgresql/)
I installed openerp 7 on ubuntu and worked for a while.
When I restarted ubuntu, I opened openerp and tried to login but didn't find the databases I've created before and it took me to the (Database Management) page in order to create a new database as if it were my first time.
I tried to make a duplicate of an existing database as a workaround, but when I wrote the old database name, I got this message:
ProgrammingError: permission denied to copy database "test"
I tried to access postgres using pgadmin and I succeeded and could access all the databases from the pgadmin.
You need to give the access rights on particular database for particular openerp user.
First Create the OpenERP user that will own and run the application
sudo adduser --system --home=/opt/openerp --group openerp
Then Next,
First change to the postgres user so we have the necessary privileges to configure the database.
sudo su - postgres
Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp
Enter password for new role: ********
Enter it again: ********
Finally exit from the postgres user account:
exit
Here is source link http://www.theopensourcerer.com/2012/12/how-to-install-openerp-7-0-on-ubuntu-12-04-lts/
I am trying to set my local postgresql so it does not have a password. I understand that this has to be done in the pg_hba.conf file and to acceess that file I have to be a postgres user. But to be a postgres user, I have to login with su postgres and enter the password that I don't have.
Any solution to this (I am on OSX)?
You're confusing several different concepts about the security model.
There is a postgres operating system user, which the PostgreSQL server runs as in order to isolate its data files and to limit damage in case of a security breach or application bug. PostgreSQL won't run as root for security. This user doesn't generally have a password, but you can change to it via the root account using sudo - you can sudo to this user with something like sudo -i -u postgres.
There is also a postgres database user, the default database superuser. This user doesn't generally have a password by default, but pg_hba.conf allows the postgres operating system user to connect as the postgres PostgreSQL user using peer authentication.
If you want you can change the configuration so that you use a password for the postgres database user, so you can psql -U postgres from any system user account:
ALTER USER postgres WITH ENCRYPTED PASSWORD 'blahblah';
Edit pg_hba.conf ("hba" is "host-based authentication") to use md5 authentication for local and host connections.
Re-start or re-load PostgreSQL
Similarly, if you want to allow any system user to connect as any database user without a password, you must modify pg_hba.conf and set trust as the authentication mode for local and host connection types. Please only use trust authentication for testing.
To learn more, see the client authentication chapter in the PostgreSQL documentation.
How can I set up multiple authentication methods for the same host/database/user rule? I want to be able to log in to my postgres user using both sudo -u postgres psql -U postgres (without having to enter a PostgreSQL password) and psql -U postgres --password. Something like the following in pg_hba.conf:
local all postgres md5
local all postgres peer
I can only get one method or the other working at the same time.
Thanks.
(I am using PostgreSQL 9.1).
Nope. Only one auth method is supported for any given configuration.
I'd love it if Pg could support fall-back authentication, where if an ident check fails it allows md5 auth instead. It doesn't support this at the moment, though, and I suspect (I haven't verified) that a protocol change would be required to support it.
What you can do is store the password in a $HOME/.pgpass file for the postgres system user. Give it mode 0600 so it's only readable by the postgres user and by root, both of whom can get direct access to the database files and configuration anyway. That way you get easy admin and md5 auth. On some systems you may have to set and create a home directory for the postgres user before you can do this. See getent passwd postgres to see if if the postgres user has a homedir and if so, where it is.
(UPDATE: used to read $HOME/.psqlrc - which is useful, but .pgpass is suitable for password storage)