Setting up production postgres (createdb permissions) - postgresql

I'm setting up postgres on DigitalOcean. I've set PG envs. The 9s are obviously redacted data. To facilitate the ssl connection, ~/.postgresql/root.crt exists.
# env | grep PG
PGPORT=99999
PGPASSWORD=9999999999999
PGSSLMODE=require
PGUSER=doadmin
PGDATABASE=auth_service_prod
PGHOST=private-db-postgresql-sfo9-99999-do-user-9999999-9.a.db.ondigitalocean.com
When calling createdb, it fails:
# createdb
createdb: could not connect to database template1: FATAL: pg_hba.conf rejects connection for host "10.999.9.99", user "doadmin", database "template1", SSL on
I can connect to psql, though. I don't know enough about configuring postgres to allow doadmin to create a db, but hopefully here is some useful info:
# psql
psql (11.7 (Debian 11.7-0+deb10u1), server 11.8)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
auth_service_prod=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
_dodb | Superuser, Replication | {}
doadmin | Create role, Create DB, Replication, Bypass RLS | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
auth_service_prod=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-------------------+----------+----------+-------------+-------------+-----------------------
_dodb | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
auth_service_prod | doadmin | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
defaultdb | doadmin | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(5 rows)

DigitalOcean doesn't allow createdb from postgres, apparently. I removed the code creating databases, and created them "manually" from their GUI. The app is now only responsible for managing the schema, not the database(s).

Related

How to connect to Postgres 13 by user with some database

I installed
postgres=# SELECT version();
version
--------------------------------------------------------------------------------------------------------------------------------
PostgreSQL 13.5 (Ubuntu 13.5-0ubuntu0.21.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0, 64-bit
(1 row)
and I want to create a connection for my project (Java, PHP, whatever), so for that I followed the user guide:
CREATE ROLE admin WITH SUPERUSER LOGIN CREATEDB CREATEROLE ENCRYPTED PASSWORD '111';
and right now I am faced with this:
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
admin | Superuser, Create role, Create DB | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
So, after that
CREATE DATABASE spd_talks;
and was faced with
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 |
spd_talks | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 |
template0 | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
and provided all grants
GRANT ALL PRIVILEGES ON DATABASE spd_talks TO admin;
then admin was added to the Access privileges column
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 |
spd_talks | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres+
| | | | | admin=CTc/postgres
template0 | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | ru_UA.UTF-8 | ru_UA.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
then I tried to connect to the spd_talks db as the admin user and was faced with an error
ivan@ivan-laptop:~$ psql -U admin spd_talks
psql: error: FATAL: Peer authentication failed for user "admin"
The same happens when I try to do it from the IDE.
What did I miss? How do I correctly create a user with a db and connect as that user?
I changed
local all postgres peer
to
local all postgres md5
in
sudo gedit /etc/postgresql/13/main/pg_hba.conf
but was still faced with
ivan@ivan-laptop:~$ psql -U admin -d spd_talks
psql: error: FATAL: Peer authentication failed for user "admin"
UPDATE
when I changed
local all all peer
to
local all all md5
I got a successful connection from the console
ivan@ivan-laptop:~$ psql -U admin -d spd_talks
Password for user admin:
psql (13.5 (Ubuntu 13.5-0ubuntu0.21.04.1))
Type "help" for help.
spd_talks=#
but there was still an error in the IDE.
I resolved this misunderstanding with
spd_talks=# \conninfo
You are connected to database "spd_talks" as user "admin" via socket in "/var/run/postgresql" at port "5434".
and I don't know why, but the port is 5443; then I changed it in the IDE and it works.

Postgres not recognizing created users

I've just installed PostgreSQL 10 on Ubuntu 18.04. I have the postgres default user set up with a password.
I created some users and databases but I'm getting this error. How do I get past this?
:~$ sudo -i -u myUser01
sudo: unknown user: myUser01
sudo: unable to initialize policy plugin
I verified they exist:
List of roles
Role name | Attributes | Member of
-----------------+------------------------------------------------------------+-----------
myUser01 | Superuser, Create role, Create DB | {}
myUser02 | Superuser, Create role, Create DB | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------------+----------+----------+---------+---------+-----------------------
myUser01 | postgres | UTF8 | C.UTF-8 | C.UTF-8 |
myUser02 | postgres | UTF8 | C.UTF-8 | C.UTF-8 |
postgres | postgres | UTF8 | C.UTF-8 | C.UTF-8 |
template0 | postgres | UTF8 | C.UTF-8 | C.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | C.UTF-8 | C.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
Here's my etc/postgresql/10/main/pg_hba.conf. Notice I have DB admin set to md5 instead of peer in case this matters.
# Database administrative login by Unix domain socket
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5

Postgres will list my database, but it doesn't exist when I try connecting to it

From terminal, I
sudo su postgres
psql
\l:
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
nwnx | nwnx | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
But when trying to connect to it:
\c nwnx:
FATAL: database "nwnx" does not exist
Previous connection kept
quote_ident:
postgres=# select quote_ident(datname) from pg_database;
quote_ident
-------------
postgres
template1
template0
nwnx
(4 rows)
dumpall:
pg_dumpall --schema-only | grep '\connect'
\connect template1
pg_dump: [archiver (db)] connection to database "nwnx" failed: FATAL: database "nwnx" does not exist
pg_dumpall: pg_dump failed on database "nwnx", exiting
Creation script:
pg_dumpall --schema-only | grep -i database
-- PostgreSQL database cluster dump
-- PostgreSQL database dump
-- Dumped from database version 11.5
-- PostgreSQL database dump complete
pg_dump: [archiver (db)] connection to database "nwnx" failed: FATAL: database "nwnx" does not exist
pg_dumpall: pg_dump failed on database "nwnx", exiting
Connecting as nwnx user
$: psql postgres -U nwnx
psql (11.5)
Type "help" for help.
postgres=> \conninfo
You are connected to database "postgres" as user "nwnx" via socket in "/run/postgresql" at port "5432".
postgres=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
nwnx | nwnx | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
postgres=> \c nwnx
FATAL: database "nwnx" does not exist
Previous connection kept
WORKING SOLUTION BY @laurenz-albe:
Showing all dbs
postgres=# select oid, datname, datname::bytea FROM pg_database;
oid | datname | datname
-------+-----------+----------------------
13121 | postgres | \x706f737467726573
1 | template1 | \x74656d706c61746531
13120 | template0 | \x74656d706c61746530
59515 | nwnx | \x6e776e78
(4 rows)
Checking if nwnx is omitted (had to use alias for datname)
postgres=# SELECT oid, datname dn, datname::bytea FROM pg_database ORDER BY dn;
oid | dn | datname
-------+-----------+----------------------
13121 | postgres | \x706f737467726573
13120 | template0 | \x74656d706c61746530
1 | template1 | \x74656d706c61746531
(3 rows)
I followed the instructions from the solution and it worked perfectly! Thank you very much!
Postgres version is 11.5
Any hints on what I'm doing wrong or what's going on?
That looks a lot like database corruption, in particular like the index pg_database_datname_index (which is used in GetDatabaseTuple()) got corrupted.
To be sure, try the following:
-- should show all databases
SELECT oid, datname, datname::bytea FROM pg_database;
SET enable_seqscan = off;
-- should omit database "nwnx"
SELECT oid, datname, datname::bytea FROM pg_database ORDER BY datname;
If that confirms my suspicion, do the following:
Stop the database with
pg_ctl stop -m immediate -D /path/to/data/directory
and take a cold backup of the database directory.
Start the database with
pg_ctl start -o -P -D /path/to/data/directory
Connect to the database postgres and run
REINDEX TABLE pg_database;
Stop and restart PostgreSQL.
Now take a pg_dumpall from the cluster and restore it to a new cluster you create with initdb.
DROP TABLE IF EXISTS nwnx CASCADE;
will work

Postgres: Create database with superuser and password

I created a Postgres database this way:
createdb massive
Then I added a role:
sudo -iu postgres
psql -d massive
CREATE ROLE rob WITH SUPERUSER CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'password';
I quit psql with \q, then exit user postgres.
Now I try to login:
psql -U rob -d massive -h localhost -W
When entering password at the password prompt, I get this:
psql: FATAL: password authentication failed for user "rob"
Update:
\l in psql returns this:
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
massive | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
\du returns this:
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication | {}
rob | Superuser, Create role, Create DB | {}

How to import database to PostgreSQL as root?

I want to import a database of mine to a database of my server. So, I copied my database dump file to my server's root directory and logged in and did this:
root@iWidgetServer1:~# sudo -u postgres psql -U iwidget -d iwidget -f iwidget_dump2.sql
could not change directory to "/root"
psql: FATAL: Peer authentication failed for user "iwidget"
However, iwidget is a role and has been granted all privileges for this database:
root@iWidgetServer1:~# sudo -u postgres psql -l
could not change directory to "/root"
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
------------------+----------+----------+-------------+-------------+-----------------------
iwidget | iwidget | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 | =Tc/iwidget +
| | | | | iwidget=CTc/iwidget
postgres | postgres | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 |
sample_db | postgres | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 |
template0 | postgres | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template_postgis | postgres | UTF8 | en_GB.UTF-8 | en_GB.UTF-8 |
(6 rows)
What am I doing wrong?
From the docs:
The peer authentication method works by obtaining the client's operating system user name from the kernel and using it as the allowed database user name (with optional user name mapping). This method is only supported on local connections.
You're doing sudo -u postgres, but are trying to connect as iwidget.
You need to create a user named iwidget and login as this user.
This seems to be more a problem with the file permissions of the dump than with Postgres. Have you tried moving the dump to a folder not owned by root?
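
An added example (not code from any of the posts above): a simplified first-match evaluator for pg_hba.conf. It shows why changing only the "local all postgres" line left admin on peer authentication in the Postgres 13 question, and why "sudo -u postgres psql -U iwidget" fails under peer. It assumes plain local/host lines with "all" or a single name, CIDR addresses, and no pg_ident.conf user map; the function names are hypothetical.

```python
import ipaddress

# pg_hba.conf entries for ordinary databases, as posted in the Ubuntu 18.04
# question above (comment lines and replication entries dropped).
HBA_POSTED = """\
local   all   postgres                 md5
local   all   all                      peer
host    all   all       127.0.0.1/32   md5
host    all   all       ::1/128        md5
"""
# The edit from the Postgres 13 question: "local all all peer" becomes md5.
HBA_EDITED = HBA_POSTED.replace("peer", "md5", 1)

def parse_hba(text):
    """Parse local/host lines into tuples; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":                  # local DATABASE USER METHOD
            rules.append((f[0], f[1], f[2], None, f[3]))
        else:                                # host DATABASE USER ADDRESS METHOD
            rules.append((f[0], f[1], f[2], f[3], f[4]))
    return rules

def first_match(rules, conn, db, role, client_ip=None):
    """Return the method of the first matching rule; later rules are never consulted."""
    for rtype, rdb, ruser, addr, method in rules:
        if rtype != conn:
            continue
        if rdb not in ("all", db) or ruser not in ("all", role):
            continue
        if addr and ipaddress.ip_address(client_ip) not in ipaddress.ip_network(addr):
            continue
        return method
    return None

def login(rules, conn, db, role, os_user=None, client_ip=None):
    """Describe how the server treats one connection attempt."""
    method = first_match(rules, conn, db, role, client_ip)
    if method is None:
        return "rejected: no pg_hba.conf entry"
    if method == "peer":                     # OS user must equal the role name
        return "peer: ok" if os_user == role else "peer: failed"
    return method + ": password required"

if __name__ == "__main__":
    for hba in (HBA_POSTED, HBA_EDITED):
        print(login(parse_hba(hba), "local", "spd_talks", "admin", os_user="ivan"))
```

Passing -h localhost to psql switches the attempt from a "local" rule to a "host" rule, which is why a role can get a password prompt over TCP while the socket connection still fails with a peer error.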