I'm migrating all the role from my PostgreSQL hosted in GCE VM to Cloud SQL by generating dump file
sudo -Hu postgres pg_dumpall -U postgres --globals-only --file=globals.sql
When I import the same(globals.sql) in Cloud SQL I came across below error:
exit status 3 SET SET SET CREATE ROLE ERROR: must be superuser to alter superusers
Note:
I used postgres user to import this dump file to the cloud sql database.
I'm curious is there any other way to tackle this since postgres user does not have superuser privileges?
I tried executed one query from globals.sql file using cloud shell, below is the output:
postgres=> CREATE ROLE vipinm;
CREATE ROLE
postgres=> ALTER ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
ERROR: must be superuser to alter superusers
Thanks in advance!
The psql documentation says:
psql returns 0 to the shell if it finished normally, 1 if a fatal error of its own occurs (e.g., out of memory, file not found), 2 if the connection to the server went bad and the session was not interactive, and 3 if an error occurred in a script and the variable ON_ERROR_STOP was set.
So don't set ON_ERROR_STOP.
The error means that you cannot execute the following line from your dump:
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS;
That is fine, and you can ignore the error.
This is kind of a bug. As a non-superuser, you can't even reiterate that another role is still not a superuser, as even mentioning anything about superusers even when it would have no effect throws an error. You can get around this by creating the role in its final state, rather than doing the CREATE then ALTER dance that pg_dump likes to do.
CREATE ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
Alternatively, you could remove from the ALTER statement all the attributes that don't cause any change but merely reiterate the current state of things, leaving:
ALTER ROLE vipinm WITH LOGIN;
Related
I am trying to create a migration. this is the output
MIX_ENV=prod DATABASE_URL="URL" mix ecto.migrate
[info] execute "CREATE EXTENSION citext;"
** (Postgrex.Error) ERROR 42501 (insufficient_privilege): permission denied to create extension "citext"
however until now it has been working in dev mode.
I did try
ALTER USER user WITH SUPERUSER
and installed postgresql-contrib package
but nothing works.
I had a similar issue and doing:
psql -d postgres, ALTER USER my_user_name WITH SUPERUSER and
setting the username in the Repo config to my_user_name
has resolved the issue.
So I think that the answer to the question might be doing 2. so making sure the DB user used by our application is the one that has SUPERUSER. Obviously you could also figure out without doing 2. what DB user name is used by default and then do 1. for that user.
I'm trying to set up a Heroku environment for python development following instructions on https://github.com/heroku/python-getting-started. When I run createdb python_getting_started:
I'm first prompted to give in a password: I entered the password of the user "postgres" in Postgres
I get an error message:
createdb database creation failed: ERROR: permission denied to create database
Don't really how to solve this one. The user "postgres" is allowed to create a database. I checked with \du that it is a Superuser and it has Create DB rights. What's going on here? Which user is Windows using to try to create a Postgres DB?
Most PostgreSQL utilities by default use your current OS session login for database connections.
You need to either set environment variable PGUSER to postgres or use createdb -U postgres python_getting_started.
You can read more about createdb parameters here, tho admittedly it does not mention default values.
EDIT: It actually does mention that it uses libpq defaults, and those are:
user
PostgreSQL user name to connect as. Defaults to be the same as the operating system name of the user running the application.
I am pretty much confused about root user,super user,user and permissions! I am not able to create a database inside user "athleticu". Following are the commands I used:-
athleticu#ip-172-30-4-103:/home/ubuntu$ createdb -T template0 simple_db1
createdb: database creation failed: ERROR: permission denied to create database
athleticu#ip-172-30-4-103:/home/ubuntu$ sudo createdb -T template0 simple_db1
sudo: unable to resolve host ip-172-30-4-103
createdb: could not connect to database template1: FATAL: role "root" does not exist
Please somebody clarify my doubts and tell me what should I write!
Hey I have already solved this. What you have to do is to first login as postgres user as follows:
$ su postgres
$ psql
postgres=# alter user athleticu createdb;
ALTER ROLE
Hope it helps you :)
Type \du in psql and you will see a list of all the registered users and what type of privileges each one has.
In order to grant privileges to the user which is logged in (eg 'user1'), I had to sign out and log in using one of the superuser roles in that list (eg. 'user2'), using the following command:
psql -U 'user2' -h localhost 'database2'
where 'database2' is the name of the one that specific superuser 'user2' has privileges to.
Once you are logged in as a superuser, you can grant privileges to 'user1' by:
ALTER ROLE user1 WITH CREATEDB
or
ALTER ROLE user1 WITH SUPERUSER
Then sign in again as user1, who is now a superuser.
This blog was helpful as well as this link.
Currently, this worked for me:
sudo su postgres
psql
ALTER USER username WITH CREATEDB;
\q
exit
The root user is an account on the system independent from Postgres. There is only one root user.
A superuser is an account in Postgres with access to everything. There may be many superusers.
System accounts and Postgres accounts are different things, although unless you specify a Postgres username when you connect to the database (through utilities like psql, createdb, dropdb, or otherwise), it will use the current system user's name in hopes that there is a corresponding Postgres account with the same name. The root user does not, by default, have a corresponding account in Postgres.
When you install Postgres on *nix, it creates both a superuser named postgres and a system user named postgres.
Therefore, when you need to do something with Postgres as the built-in superuser, you have two options:
You may sudo su - postgres to become the postgres system user and execute your command (createdb, psql, etc). Because the system user has the same name as the database superuser, your command will connect as the appropriate account.
You may specify the username to execute as with the -U switch, eg psql -U postgres ....
Depending on your Postgres server's authentication settings, you may be required to enter a password with either or both connection methods.
What you can do when you have fresh installation of PostgreSQL is create your user with some rights (see createuser documentation):
my-user> sudo su - postgres -c "createuser <my-user> --createdb"
This will allow my-user to create DBs just like so:
my-user> createdb <my-db>
If you want the my-user to be able to do anything just use the --superuser flag instead:
my-user> sudo su - postgres -c "createuser <my-user> --superuser"
I got the same error and I found out that the reason was that I was trying to create a database outside of psql as a user which did not exist for postgresql. I found out about it and solved it by taking the following steps:
In my terminal I logged in as postgres user (the root user by default for postgresql) by typing sudo -u postgres psql
While inside the psql I typed \du to see all users and their privileges. I found out that I had only one user (the postgres one) and I had to create another superuser which had the same username as my Linux user (george)
I typed (still inside psql) CREATE USER george SUPERUSER; and this way I created a new super user called george.
I exited psql (by typing \q) and I was now able from outside psql, meaning from my terminal, to run created db <database name> with no issues at all.
Error ? You are trying to perform database actions( Creating Database, creating Roles) using a user that doesn't have the permission for those types of actions you are trying to perform.
solution ? Simply login to your database on the command line, i.e for PostgreSQL one will use "sudo -u postgres psql", then confirm that users specific assigned roles using the command "\du", most probably he/she doesn't have the necessary permissions to perform the actions you wanted. Then simply assign the roles you want the user to perform ,i.e create Database or simply make user "Superuser" by following along(https://chartio.com/resources/tutorials/how-to-change-a-user-to-superuser-in-postgresql/)
When I attempt to enable hstore on my database:
=> CREATE EXTENSION IF NOT EXISTS hstore;
ERROR: permission denied to create extension "hstore"
HINT: Must be superuser to create this extension.
My user is not a superuser, but is the owner of the database.
According to the CREATE EXTENSION docs:
Loading an extension requires the same privileges that would be required to create its component objects. For most extensions this means superuser or database owner privileges are needed. The user who runs CREATE EXTENSION becomes the owner of the extension for purposes of later privilege checks, as well as the owner of any objects created by the extension's script.
What is hstore doing that requires superuser privileges? Is it affecting parts of the cluster outside the database I'm adding it to?
Further confundity:
The DB user Heroku Postgres provides is not a superuser:
Heroku Postgres users are granted all non-superuser permissions on their database. These include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.
However, that user is able to CREATE EXTENSION hstore:
To create any supported extension, open a session with heroku pg:psql and run the appropriate command:
$ heroku pg:psql
Pager usage is off.
psql (9.2.4)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
ad27m1eao6kqb1=> CREATE EXTENSION hstore;
CREATE EXTENSION
ad27m1eao6kqb1=>
(For context, I'm attempting to set up a Dokku deployment, so the comparison to Heroku is especially important.)
The hstore extension creates functions that call code from an external dynamic object, which requires superuser privilege. That's why creating the hstore extension requires superuser privilege.
As for Heroku, it is my understanding that they are running with a special extension whitelisting module, which allows users to create certain extensions even though they are not superusers. I believe it is based on this code: https://github.com/dimitri/pgextwlist. You can try to install that code yourself if you want the same functionality in your databases.
ALTER USER myuser WITH SUPERUSER;
If you run this command from a superuser, this solves your CREATE EXTENSION issue. You may check your available users with \du to find a superuser.
This is not related to heroku.
This is how I solved this issue in ubuntu 18.04.
Provide postgres super user access.
sudo su postgres
Then I run:
psql -U postgres your_database_name -c 'create extension hstore;'
Now I can alter table your_database_name and add hstore type columns in it.
Connect to your database
psql -d your_database_name -U your_user_role
And
alter table your_table_name add your_column_name HSTORE;
Though there might be saveral different ways to do it, but I solve it in this way.
Hope this will help novice users like me.
A fresh installation of PostgreSQL 9.3 (according to the YUM Installation manual on the PostgreSQL wiki) on CentOS 6 (64-bit) will not grant permissions to any users.
I log in to the postgres user and open psql, then I create a role for my default user:
CREATE ROLE <name> WITH PASSWORD '<password>';
and then try to grant it privileges on the default postgres database:
GRANT ALL ON DATABASE postgres TO <user>;
which gives the expected output, but the user does not have any permissions on postgres.
The output of \dp <user> is quizically empty as well. Additional testing shows that I cannot give any users permissions. However, when I try to drop a role that has been granted these nonexistent permissions, it says
ERROR: role "<user>" cannot be dropped because some objects depend on it
DETAIL: privileges for database postgres
I am at a loss. I did also check to make sure the postgres Linux user has the appropriate file permissions on the PostgreSQL data directory.
Presumably you're expecting too much of GRANT ALL ON DATABASE postgres TO <user>;
ALL in this context means that the command is equivalent to:
GRANT CREATE,CONNECT,TEMPORARY ON DATABASE postgres TO <user>;
And the way you create the ROLE, it cannot login to any database anyway (you can check this with \du).
It could if it was created with:
CREATE ROLE name WITH LOGIN PASSWORD 'pass';
or use ALTER ROLE name WITH LOGIN later on.
Starting from this, to give the user permissions to create objects in the database, other forms of GRANT should be used.