I am trying to set-up automatic backup for postgres db on a local headless server on Debian. I have a script:
#!/bin/bash
export PGPASSFILE='/home/mtn/.pgpass'
pg_dumpall -U db_user --verbose 2>/var/log/postgresql/pgdump.log | gzip > /mnt/bulk-data/db_backup/db_bak.gz
Have a .pgpass file:
-rw------- 1 mtn mtn 47 Nov 13 10:14 .pgpass
with:
*:*:*:postgres:guest
*:*:*:db_user:guest
And a sudo crontab -e job:
20 0 * * * /home/mtn/backup.sh >/dev/null 2>&1
pg_hba:
local all postgres peer
When i try to run it i get:
pg_dumpall: error: could not connect to database "template1": FATAL: Peer authentication failed for user "db_user"
Where's the mistake?
PS Everything works if i change the script to run as root sudo -u postgres pg_dumpall.
UPDATE:
What worked for me in the end is adding this line to pg_ident.conf:
omicron root postgres
Then to pg_hba.conf before everything else:
local all all ident map=omicron
And changing script to run pg_dumpall as user postgres (only because db_user didn't have all necessary privilegies to dumpall).
In the absence of a user map via pg_ident.conf, only a linux user named "db_user" is allowed to log in as the database user "db_user". That is what peer authentication means. Your .pgpass doesn't matter, as peer authentication doesn't use passwords.
The one line from pg_hba you show also doesn't matter, because "postgres" != "db_user" so that line doesn't match. But clearly you have other lines as well which you haven't shown us. If you look in the server's log file you should find more details about the error, and which line of pg_hba was used.
There are lots of solutions. You could change your linux username to match the postgres username, or change the postgres username to match the linux username, or use pg_ident.conf to map between them, or change your pg_hba (the correct line of it!) to use md5 rather than peer.
Related
sup guys!
I'm trying to create a server local in pdAdmin 4, but everytime i'm trying to create i get this error:
[Error in pgAdmin]
in case 'veterano' its my username...
my tries to make this run (but doesnt work)
Checking if Postgres Service is Installed correctly:
$ sudo systemctl is-active postgresql
terminal back:
active
$ sudo systemctl is-enabled postgresql
terminal back:
enabled
$ sudo systemctl status postgresql
terminal back:
active (exited)
$ sudo pg_isready
terminal back:
/var/run/postgresql:5433 - accepting connections
My configuration to pg_hba.conf :
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
(every time after change something in pg_hba.conf I run $ sudo systemctl restart postgresql to restart postgress service.)
Checking psql and the new superusers:
$ sudo -u postgres createuser -s $USER
terminal back
createuser: error: creation of new role failed: ERROR: role "veterano" already exists
if I try
psql -U veterano i can login... so i try \du to check list of roles
terminal back
List of roles
Role name | Attributes | Member of
-------------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
veterano | Superuser, Create role, Create DB | {}
So I try create a localhost server in terminal:
$ psql -h localhost -d mydatabase -U veterano -p 5432
terminal back:
Password for user veterano:
(I put my password maked with ALTER USER veterano PASSWORD 'newPassword';)
terminal back error
psql: error: FATAL: password authentication failed for user "veterano"
I really don't know what to do... I tried everything and still cant create a local server in pgAdmin 4 or directly in terminal.
Using Ubuntu 20.04.2 LTS
(Sorry for my english )
This is probably too late. but I have the same issue with veterano, and what I did was to change the password for the account "postgres" that I have :
(For those who don't know, postgresql has a user named "postgres" by default after installation)
Steps:
Access PSQL
$ sudo su - postgres
Then try to change the password for "postgres" user by typing :
postgres=# \password
You can then specify any password you want for this account.
Once thats done, you can use pgAdmin to connect using "postgres" username and the password that you just set.
Either you didn't set a password for the user, or you set a different password.
Connect using psql with psql -U veterano and set the password:
veterano=> \password
Enter new password:
Enter it again:
Now you should be good.
Try putting quotation marks '' on your password at your config file.
First we have to get inside postgres through using
sudo -u postgres psql postgres
Enter password for user postgres
Now the terminal will be like this:
postgres=#
Now enter the given line after postgres=#
CREATE USER username WITH PASSWORD 'your password';
(put your password inside quotes('') and don't forget semicolon(;)
I am using psql to connect to a PostgreSQL database on Debian 10. I am trying to connect as the postgres user, to the default postgres database. By default, this is using the 'peer' authentication method, which does not require a password.
If I log in using the 'peer' authentication and set a password using the following command:
ALTER USER postgres WITH PASSWORD 'myPassword';
The query executes successfully, however when I edit pg_hba.conf to change the authentication method from:
local all postgres peer
to:
local all postgres scram-sha-256
and restart the server, I get the following error:
~$ sudo -u postgres psql postgres
Password for user postgres:
psql: FATAL: password authentication failed for user "postgres"
~$
Does anyone know how to do this?
To change the authentication method in PostgreSQL:
Open a terminal window
Change into the postgres bin directory
Example: cd /usr/local/pgsql/bin
Note: Depending on your install environment the path to the bin directory may vary.
Type su – postgres and press Enter. This will change the logged in to the postgres user.
From the bin directory type ./psql
Type:
ALTER USER your_username password 'new_password'; and press Enter. ALTER ROLE should be displayed.
Type \q and press Enter
Open /path_to_data_directory/pg_hba.conf
Example: /etc/postgresql/11/main/pg_hba.conf
Modify the line at the bottom of the config file to resemble one of these examples.
Note: You will probably only have to change the word trust to md5. The line or lines should already exist.
host all postgres peer
host all your_username your.ip your.subnet md5
Save the changes
Restart PostgreSQL service with systemctl restart postgresql.service
Before you assign the password, you probably need to set the password_encryption to "scram-sha-256". Otherwise, you stored the password in the md5 format, and such a password cannot be used to login when pg_hba.conf calls for "scram-sha-256".
The default setting of password_encryption is still md5. It will change to be "scram-sha-256" in v14.
The error message sent to the unauthenticated user is intentionally vague. The error message in the server log file will probably say DETAIL: User "postgres" does not have a valid SCRAM secret. (If it does not, then ignore this answer, and edit your question to tell us what it does say)
You need to 1st in the shell change to be the "postgres" user which you're not doing correctly above:
sudo su - postgres
Then you can do the following as peer auth:
psql -d postgres -U postgres
Also recommend you set a pw for postgres sql user:
\password postgres
& change the authentication method to "md5", not "peer".
My OS is Fedora 26
I have installed Postgresql and Phoenix.
Postgres has a superuser "postgres" with password "postgres". This is confirmed by running \du in psql.
When I run $ mix ecto.create, I get
** (Mix) The database for Hello.Repo couldn't be created: FATAL 28000 (invalid_authorization_specification): Ident authentication failed for user "postgres"
I suspect it may be a permissions issue. To log into psql requires
$ sudo -u postgres psql postgres
Whereas Phoenix when attempting to use postgres may not have sudo privilages.
$ psql --version
psql (PostgreSQL) 9.6.8
Any thoughts appreciated.
By default the authentication for the postgres database user connecting to the DB locally is to verify that the operating system user is also postgres. This is what the error message refers to as Ident authentication and is why connection after doing sudo -u postgres works.
To connect as the postgres user using another means of authentication you need to edit the pg_hba.conf file. (HBA stands for host based authentication).
The line that allows this will look like this:
local all postgres peer
Add a line that looks like this (without removing the other line!):
local all postgres md5
And you should be able to connect using the password for postgres as well.
If I remember correctly you will need to restart the DB for this to take effect.
I do not know what is wrong with my settings, but when I try to connect to a database with
psql -h {db address} -U {username} -w {db name}
It works fine, so the .pgpass file is OK.
But if I connect to the local DB, and try this:
select dblink_connect_u( 'conName', 'hostaddr={address} port={port} dbname={dbName} user={userName} ' );
I get the error:
ERROR: could not establish connection
DETAIL: fe_sendauth: no password supplied
With password in the connection string, it works well, but I do not want the password to be visible by anyone.
Any idea why is this doing this?
Postgres version : 9.3
Edit:
OS: postgres is running on my computer(win7) and on the remote server too(Ubuntu server 14.04). In Windows, the pgpass.conf file is : Users/Myuser/AppData/Roaming/postgres/pgpass.conf, on Ubuntu: /var/lib/postgres/.pgpass
But I've tried with Ubuntu on both local and remote server too, with the same .pgpass location, and the postgres process is running as postgres user, but the result is the same.
.pgpass file content:
192.168.1.47:5432:*:remoteusername:remotepassword
192.168.1.46:5432:*:localusername:localpassword
The two databases are not on the same machine.
Update
It seems to be an IP address resolve problem, because when I try the dblink_conncet_u() with 'hostaddr=ip_address_here' it is not working. But when I put the hostname in the .pgpass file instead of the IP address, and in the connection string I use 'host=hostname_here' it works fine.
Now then, db_link() will be running on the backend server process as user postgres.
Is your .pgpass file in the correct place for user postgres on the database machine?
If not, how do you expect it to be read?
I think you must have missed something:
# ls -l /var/lib/postgresql/.pgpass
-rw------- 1 root root 79 Jun 24 08:10 /var/lib/postgresql/.pgpass
(meanwhile, in psql...)
dblinklocal=# SELECT dblink_connect('conn1', 'hostaddr=127.0.0.1 port=5432 dbname=dblinkremote user=testuser');
ERROR: could not establish connection
DETAIL: fe_sendauth: no password supplied
# chown postgres:postgres .pgpass
dblinklocal=# SELECT dblink_connect('conn1', 'hostaddr=127.0.0.1 port=5432 dbname=dblinkremote user=testuser');
dblink_connect
----------------
OK
(1 row)
I created a phoenix project from the hello example using digital ocean. I entered the username and password from the etc/motd.tail file. I keep getting the error message below. I am a beginner and for some reason I just cannot get ecto to install correctly.
** (Mix) The database for Hello.Repo couldn't be created, reason given: psql: FATAL: password authentication failed for user "elixir"
FATAL: password authentication failed for user "elixir"
You can use the following Postgress database credentials:
* User: elixir
* Pass: ***
install. Any help would be appreciated.
I get the same error using Ubuntu 14.04 and I corrected resetting the 'postgres' password:
$ sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'postgres';"
and restart postgres service:
sudo service postgresql restart
I assume this error is happening on the mix ecto.create task?
This happens because Ecto uses psql to create the database, however this is no longer the case in the upcoming Ecto 2.0.
The following GitHub issue shows the same issue https://github.com/elixir-lang/ecto/issues/1207
The relevant comment with the fix is https://github.com/elixir-lang/ecto/issues/1207#issuecomment-172570064:
My database config (pg_hba.conf) was apparently wrong.
For anyone else encountering this:
host all my_user 127.0.0.1/32 trust will not work
host all my_user localhost trust will work
Please check your pg_hba.conf (likely in /etc/postsgresql/9.x/pg_hba.conf).
We just need to create a new postgresql username and password according to the files inside config folder using this db method
$ sudo -u postgres createuser <username>
$ sudo -u postgres createdb <dbname>
$ sudo -u postgres psql
psql=# alter user <username> with encrypted password '<password>';
psql=# grant all privileges on database <dbname> to <username> ;
I needed to update the pg_hba.conf to make this work.
I am using Fedora, so get to /var/lib/pgsql/data
# "local" is for Unix domain socket connections only
local all postgres peer
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 ident
Then I created an elixir user in postgres with databse creation capabilities and configured it in dev.exs (user/password/database)