I'm running Ubuntu 16.04.2 LTS. When I set up postgres on this box, I thought I entered my username / password in either .bashrc or .profile. I've checked both though and see nothing related to postgres. I also looked at pg_hba.conf but nothing in the way of password / username either. I have no problem accessing pgsql or creating databases and have the username and password.
However, I've been hard coding in the username / password into the development apps. I want to stop that now, so while I have a yaml file with
development:
adapter: postgresql
database: development
username: <%= ENV['PG_USER'] %>
passowrd: <%= ENV['PG_PASS'] %>
host: localhost
I'm not sure how to write the variables and where to store them. I did some searching on this before asking, and some of the info was a bit confusing and more importantly, varied.
Side note - I know database.yaml may not be the best or only option, for now it's the one I'm staying with though.
Storing usernames and passwords into environment variables is unsafe since environment is meant to be accessible and is shared between running programs. Simply store the username and password into yaml file. You can crypt the values if there is a change of non-admin persons to see them.
Related
I stumbled upon PostgreSQL installations, where there is a PostgreSQL user with the same name as an operating system (Linux) user. If you are logged into the operating system as such a user, you can usually login to psql without specifying a username and password as this user.
How does this work? Is this a pure convention, or is there a special mechanism in PostgreSQL for this kind of behavior?
There are cases, where no corresponding PostgreSQL user is present for an operating system user. In this case, how do I create one, that can be logged into without having to specify username and password once I am logged into the operating system as this user?
There are several mechanisms. I don't know what makes a mechanism a special one, though.
The client always sends a username to the server. If you don't specify one to use then libpq-based clients look up the operating system name and use that. Some non-libpq-based clients might adopt the same convention.
For not requiring a password, maybe local connections are set to 'trust' in pg_hba.conf, in which case anyone else on the same machine can also log in to PostgreSQL as you, just by specifying your username to use, such as with -U martinw. Or maybe a password is required, but it is provided automatically via .pgpass file or via PGPASSWORD env variable, but if you set that up presumably you would remember doing so. Or maybe you have local connections set to peer in pg_hba, in which case the db server asks the OS "who is on the other end of this socket?" and verifies the answer matches the requested username (this is a common default setup, for example on Ubuntu Linux) or if a pg_ident map is in use, then it verifies the response system username is allowed to log in as the specified db username.
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-PASSFILE
create a pgpass file: vim ~/.pgpass
fill your credentials: hostname:port:database:username:password
exit file. and change ~/.pgpassfile access permission:
https://www.postgresql.org/docs/current/libpq-pgpass.html
chmod 0600 ~/.pgpass
If your linux user is the same as one of the pgpassfile user, then just type psql to connect to database.
I am using postgresapp for the PostgreSQL and without password I was able to connect to the database and perform operations. I am curious to learn about the password. Also I use Postico as Interface. Open to any suggestions.
The default for Postgres.app is to have no password and set trust-level authentication in pg_hba.conf. To change this, you need to do the following:
Alter the IP address and mask for host all all 127.0.0.1/32 trust as needed in pg_hba.conf, and change authentication method from trust to password or md5 (or whatever your requirements are)
Set the password for the desired user(s) with ALTER USER <username> WITH PASSWORD '<password>';
Reload the conf with SELECT pg_reload_conf()
Note your pg_hba.conf file is usually located in ~/Library/Application Support/Postgres/var-12 -- the sure-fire way to know is by querying SHOW data_directory in your psql prompt
Postgres.app is a great way to get Postgres running on macOS in a few minutes. It ships with a default user name and password, and they you're on your own. Postgres.app is a nicely compiled version of Postgres that you can run by double-clicking, you'll need other tools (and knowledge) to take advantage of Postgres. As you'll have noticed, the UI for Postgres.app is pretty much a few buttons to configure a server, and to give you shortcuts to the logs, configuration files, and data.
If you want to use psql (as mentioned), or any of the other command line tools, they're embedded in the application's package. Right-click, open the package, open Contents, open Versions, open the version you use, and look in bin.
If you want a GUI tool, there are many options. Since you say Postgres.app, I'll assume macOS. You've found Postico, SQLPro for Postgres is good, TablePlus is also good. Those tools have fairly uncluttered UIs. If you want or need more features, pgAdmin has a whole lot to offer, and it's free. I end up using Navicat a lot, even though it has a UI that screams "Look Ma! I wrote it in Java!" It gets a lot done. I'd say that day-to-day on macOS, I use SQLPro most. But, really, it's largely a matter of taste. psql is quite powerful, and you'll find no short of help for that.
I'm trying to run the heroku pg:pull command, but I can't seem to get the amazingly cryptic authentication process.
The command I'm running:
> heroku pg:pull app_name::RED localdb
I then get a password prompt, which I can't, for the life of me, figure out. After 2 guesses I get password authentication failed for user "Hanan", and that's it.
I tried Heroku's password, my Windows account password, every password I use, but nothing happens. I checked, and "Hanan" is not a role in Postgresql, so trying to change the password through psql doesn't work. I have no problem logging in to Postgresql through other roles, but it's this 'default' log-in process which I can't seem to crack.
Also, since I'm using windows, I'm not sure how to run commands like sudo -u postgres psql, which I see as a possible solution.
Will appreciate any help regarding this issue, I'm really frustrated by now...
Apparently it's possible to set the environment variables PGUSER and PGPASSWORD, as described here.
However, this won't work on windows in the given syntax. To do this on windows run the following:
SET PGUSER=[pg_username]
SET PGPASSWORD=[pg_password]
after entering these two lines Postgres will log you in with the given authentication info, instead of trying to sign in with the windows username
I've run into this problem a lot when running heroku pg:pull. The issue in my case was that the pg:pull command only works if my local PostgreSQL server has a password set.
To set a password, run psql localdb and execute this SQL:
ALTER USER my_user_name with password 'my_new_password';
(You won't necessarily be required to use this password all the time. Run psql localdb and see whether you're prompted; in my case, I can still log in to psql without the password.)
Now run heroku pg:pull --app my_heroku_app POSTGRESQL_COLOR localdb, and enter your new password (twice) when prompted.
I'm using Windows 10, 64-bit, Powershell and had to use the following commands to properly set the local PostgreSQL environment variables:
C:\> $Env:PGUSER="[pg_username]"
C:\> $Env:PGPASSWORD="[pg_password]"
To verify that these are set properly, list all local environment variables with this:
C:\> Get-ChildItem Env:
After doing this, I was able to run heroku pg:pull without being prompted for a password.
The previous answers did not work for me or were not to my liking so I kept searching. Thanks to the answer provided by Rayz on this post How to add a user to PostgreSQL in Windows? I was able to come up with this one liner for windows powershell.
& { $env:PGUSER="username";$env:PGPASSWORD="password"; heroku pg:push local-db DATABASE_URL --app heroku-app}
You apparently have to pass the variables as a list seperated by semicolons, surrounded by braces which are preceeded by an ampersand. Your funtion (heroku pg:pull/ pg:push/...) has to be a member of the list. As of my current testing it works in powershell with pg:push and the order of items within the braces does not matter.
I was too lazy to find out how to change credentials used by heroku. SET PGUSER and SET PASSWORD did not work for me, what i did was this:
Error said invalid credentials for "janbr" so i have created the user in the local db with a lot of priviledges. I used DBeaver for that with postgres credentials i have set up upon instalation of postgres.
Not a very clean solution though.
Using Windows 10, I tried all of the solutions here without any luck.
What ended up working for me was going into System Properties and editing my Environment Variables there. I added these to my System Variables, restarted my terminal and was able to run after that. One thing to note is that I first tried to add user and password to my User Variables but that didn't work.
PGUSER YourPostgresUser
PGPASSWORD YourPassword
I also ran Get-ChildItem Env: after updating my variables to check that they had been added.
So, I've been working on setting up a pg_dumpall but I cannot get it to work without entering a password.
I have tried:
How to pass in password to pg_dump?
and followed that to here:
http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html
and still no luck.
My string and reaction:
pg_dumpall -U user > /path/to_my/folder/test2.sql
Password:
Password:
Password:
Password:
Password:
Password:
Password:
Password:
Password:
Password:
(I will make this a bash script when I get it to work without a password)
I have tried to use -w but it won't dump unless there is a password. I also have put that .pgpass file in my home directory and have tried moving them to other user's home directories.
Maybe I just didn't make my file right or I don't know maybe it's in the wrong place but here that is:
*:*:*:user:password
Any help would be great.
Thanks
I'm not sure where the PGPASSWORD environment variable is
It's never set anywhere by default.
But anyway it may be simpler to use it locally like this:
PGPASSWORD=yourpassword pg_dumpall -U user > /path/to_my/folder/test2.sql
Doing this, the variable will only exist for the duration of the dump.
EDIT about the security of this technique:
#Peter's comment is presumably related to this warning in postgres manual:
Use of this environment variable is not recommended for security reasons, as
some operating systems allow non-root users to see process environment
variables via ps
But some operating systems is pretty vague and looking around it appears that nobody seems to seriously believe that modern OSes have any such flaw.
security.SE covers the topic in related Q&A's that I find useful:
Is passing sensitive data through the process environment secure?
environment variable accessibility in Linux
Personally I'm happy enough with this to bypass the postgres security warning. But that shouldn't deter anyone to do his own research on his own operating system, especially if it's exotic or obsolete.
I am working on an open source application that has PostgreSQL as its default DBMS. Now when I install it on my system, its configuration is so that PostgreSQL also gets installed with it.
My problem is with getting access to the installed PostgreSQL database. The database that gets created during installation is named iviewdb.
I read at many forums that the default superuser is postgres, but when I try to get access to the database using this username through a command prompt, it prompts me for password that I don't have.
I wanted to know from where in the PostgreSQL installation directory
the default username and password with the port number to access the database is stored. I have even tried changing the pg_hba.conf file, but that creates a problem with the application and it won't start then.
How can I find the password for this database? I am working in a Windows environment.
The password isn't stored in an easily recoverable manner, and if you change the password, the application may not be able to access the database properly. You may find the password in the application settings or documentation, though.
If you decide to risk changing the postgres user's password, stop the application and PostgreSQL service, and then edit pg_hba.conf. Add (or change if it already exists) a line (if it doesn't exist, add it before any other "host...." lines):
host all all 127.0.0.1/32 trust
And restart the PostgreSQL service. That should give you access from localhost, where you could change the postgres user's password, or add yourself another user with the permissions you want. Then set the pg_hba.conf file back the way it was and restart.
I've encountered this similar problem, and I noticed that the default being set for PostgreSQL upon installation in my case is as follows:
username = postgres
password = ' '