Best Practice of running postgres in Ubuntu? - postgresql

I just installed postgresql in Ubuntu 18.04 and been going through the official guide. Things I understand:
The installation comes with the default postgres user
We should not create databases with this default user
Instead we should create a different user
The questions I have are:
Why is this so?
Should the new user name I create be same as my ubuntu user $(whoami) ? Or should it be different ?
Should this new user be a superuser ?
When I have to delete or create databases/tables, do I have to log in to this newly created user or the default postgres user?

You should read the documentation, this is no substitute.
It is ok to use the user postgres to create databases.
Ideally there should be no remote connections with user postgres (block it in pg_hba.conf).
Never let an application connect as superuser.
You should create other database users that are not superusers to create objects and work with them.
The name of the database users has no connection to the name of your operating system users.
For maximum safety, create objects with one user and let your application connect with a different user that has the required permissions on the objects.

Related

PostgreSQL user account has unknown password by default

I just installed PostgreSQL 13 on Windows 11. When I run the command psql by default it uses the user aaron, the name of my Windows user account. However, it asks me for a password. I have tried all passwords associated with my Windows account as well as the default password I set for the user postgres, none of which worked. I was able to log in with psql -U postgres, and I ran the command \du, and there was only one role in the list, postgres. Later I created the role aaron without specifying a password, but it still asks for a password.
So, did the user aaron exist initially or not? If not, then how was it the default user when I ran the psql command? What is the password for this user?
So, did the user aaron exist initially or not
No, it did not. The only user that is created when installing Postgres (or more precisely: when running initdb) is postgres.
If not, then how was it the default user when I ran the psql command
Quote from the manual
The default user name is your operating-system user name, as is the default database name
psql simply uses the operating system user as the default username to connect to the server. It knows nothing about the database user(s) until it tries to connect with a specific username and potentially password.
You can set a different default through the (Windows) environment variable PGUSER
Later I created the role aaron without specifying a password, but it still asks for a password.
Whether or not a password is required is controlled through pg_hba.conf
When you run psql command and don't provide a username it considers (that the current system user which in your case is aaron) is the user you want to use to login and hence you see a user which really don't exists.
Now regarding the password you might want to check a file generally named as pg_hba.conf which hold the essentials of who can connect (IPs) what username can he have and should that user be asked for password.
Now generally you will find answers saying that find this file and write down trust everywhere (which basically means if some specific user from a specific IP access this database of replication then don't ask for a password and let him enter), which you should not do until and unless you are utterly sure the postgresql server is just just local and has no real-time purpose.
So concluding you want to create a user with some encrypted password and then provide necessary privilege.
P.S: I have tried all these on a linux machine, but the server configurations are more or less same.
It's worth pointing out that PostgreSQL has it's own users and permissions independent of the OS. Some installers will automatically create a postgres OS user. I'm not sure what Windows does.
It seems that PostgreSQL can do Windows authentication. See this question for details on how to configure that.
As #a_horse_with_no_name has said, connection configuration is controlled by pg_hba.conf
PostgreSQL tries not to leak information about its users, so the failed-authentication attempt is not given much information about why it failed.
If you look in the server's log file, rather than the clients, you should first see messages about 'aaron' failing to authenticate because the user does not existing, and then (after you create it) about it failing to authenticate because it has no password assigned.
When you created the user, you should have assigned it a password if you wanted to use a password. Or as a superuser in psql, create it without a password and then assign one with \password aaron That way the password won't be visible on the screen, or in the log files.
To give a concise, direct answer:
right click on Windows icon and click “System”.
scroll down to “Advanced System Settings”.
click Environment Variables.
in “System variables”, click “New”.
Set Variable Name to PGUSER and Variable Value to postgres.
Or, in cmd: set PGUSER=postgres, which also sets it globally.
go to "Services" (in Task Manager), and restart the "postgresql-X64" service.

Fail to connect PostgreSQL DB from my Linux User

I am new to technologies , please do not judge my question too strong :).
I installed in My Ubuntu 18.04 PostgreSQL 10.7. To be able to enter my DB I need to enter the following commands from my terminal. sudo -u postgres psql.
Is there any shortened way where I can connect it from my Ubuntu User account. For example. if I input psql it will open database environment where I can type PostgreSQL commands.
Thank you.
Just execute this command in your terminal :
alias psql='sudo -u postgres psql'
So the next time, you input psql and execute, you will be in database environment.
I see two options:
1) Create alias for this command sudo -u postgres psql .
2) Go to psql and create new superuser and database for it:
CREATE ROLE username SUPERUSER;
ALTER ROLE username WITH LOGIN;
CREATE DATABASE username;
You shouldn't be using the superuser account for your normal database work. That is as if you were using root for everything in Linux.
You need to create a regular user with the privileges to create or modify tables in your database. This can be done by granting the user all privileges on the database (which is not the same as making that user a superuser) or make that user the owner of that database.
As documented in the manual psql tries to connect to a database with the name of the current Linux user and with a database user with the name of the current Linux user. So if you want to keep things simple create a user with your regular Linux user's name and an database that is owned by that user:
create user rob password 'somepassword';
create database rob owner = rob;
Assuming your Linux user is rob, then all you need to do is:
psql
and you are connected to a database where you can create and manage tables.
Depending on how you installed Postgres, you might need to adjust pg_hba.conf to allow rob to log in directly.
Again: please do NOT use the superuser account for your normal work.

postgreSQL login as created new user?

I'm new to postgresql database. I followed instruction online and get my postgreSQL database installed and everything works fine. with psql, I created new user user1 as below:
CREATE USER user1 WITH PASSWORD '123';
Now I have a user called 'user1', in addition to default user 'postgres'.
I'm very confused with what those user can do. I'm not sure what is the use of creating the new user.
My questions are:
Can I log into the database as user1? How?
Can the user see all the database in the system, no matter what the database owner is? In my case, all the database I created is owned by 'postgres'.
Am I able to make the user see only some of the databases?

Postgres accepts any password

I have the following code which connects to a database on my remote server (the connection script resides on the same server):
Database::$ErrorHandle = new PDO('pgsql:host=111.222.33.44;dbname=mydatabase;', 'postgres', 'mypassword', $db_settings);
The problem is I can change the password to be anything at all and the connection is still made! Like seriously what the hell!?!
Can my database be connected to (providing you know the IP and db name) by anyone from a PHP script running on a different server?
How can I enforce passwords, I have looked at the following stack overflow page and did what they said but still no luck:
How to change PostgreSQL user password?
I am running Ubuntu 12.04 server with PHP 5.5 and Apache2
Off course your postgresql database can be properly configured to only connect with authenticated users even certain users (Roles in Postgres) from certain IPs/sockets.
Some considerations:
Do you see data? Or can you just connect to the server? Can you list the databases?
Look at your pg_hba.conf and setup the proper permissions, per role per database per source
Did you grant access to the mydatabase to everyone? Which roles did you grant access?
Does the database have its tables in the public scheme? And granted access to the public?
Yes, with this configuration everyone who knows your IP and database name can connect to your database.

Postgres user create database

I am unable to create databases using my postgres client with the user I log in as.
I am having trouble figuring out how increase the privileges of my user. I have access to the linux server running postgres and am able to use psql to log on as my user and as the postgres user.
Can someone tell me what commands I should run to allow my user to create databases on my server through the postgres GUI running on a remote host?
Many thanks,
I don´t know of a postgres GUI, but here's how to do it in the psql-console (logged in as the superuser):
=> ALTER USER your_username CREATEDB;
See http://www.postgresql.org/docs/current/interactive/sql-alteruser.html for more info.