I am trying to create a migration. this is the output
MIX_ENV=prod DATABASE_URL="URL" mix ecto.migrate
[info] execute "CREATE EXTENSION citext;"
** (Postgrex.Error) ERROR 42501 (insufficient_privilege): permission denied to create extension "citext"
however until now it has been working in dev mode.
I did try
ALTER USER user WITH SUPERUSER
and installed postgresql-contrib package
but nothing works.
I had a similar issue and doing:
psql -d postgres, ALTER USER my_user_name WITH SUPERUSER and
setting the username in the Repo config to my_user_name
has resolved the issue.
So I think that the answer to the question might be doing 2. so making sure the DB user used by our application is the one that has SUPERUSER. Obviously you could also figure out without doing 2. what DB user name is used by default and then do 1. for that user.
Related
I'm migrating all the role from my PostgreSQL hosted in GCE VM to Cloud SQL by generating dump file
sudo -Hu postgres pg_dumpall -U postgres --globals-only --file=globals.sql
When I import the same(globals.sql) in Cloud SQL I came across below error:
exit status 3 SET SET SET CREATE ROLE ERROR: must be superuser to alter superusers
Note:
I used postgres user to import this dump file to the cloud sql database.
I'm curious is there any other way to tackle this since postgres user does not have superuser privileges?
I tried executed one query from globals.sql file using cloud shell, below is the output:
postgres=> CREATE ROLE vipinm;
CREATE ROLE
postgres=> ALTER ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
ERROR: must be superuser to alter superusers
Thanks in advance!
The psql documentation says:
psql returns 0 to the shell if it finished normally, 1 if a fatal error of its own occurs (e.g., out of memory, file not found), 2 if the connection to the server went bad and the session was not interactive, and 3 if an error occurred in a script and the variable ON_ERROR_STOP was set.
So don't set ON_ERROR_STOP.
The error means that you cannot execute the following line from your dump:
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS;
That is fine, and you can ignore the error.
This is kind of a bug. As a non-superuser, you can't even reiterate that another role is still not a superuser, as even mentioning anything about superusers even when it would have no effect throws an error. You can get around this by creating the role in its final state, rather than doing the CREATE then ALTER dance that pg_dump likes to do.
CREATE ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
Alternatively, you could remove from the ALTER statement all the attributes that don't cause any change but merely reiterate the current state of things, leaving:
ALTER ROLE vipinm WITH LOGIN;
I've got a Postgres database and user I've created on Google Cloud SQL.
I'm trying to install the postgis extension for that user:
myuser=> CREATE EXTENSION postgis;
ERROR: permission denied to create extension "postgis"
HINT: Must be superuser to create this extension.
as you can see, it won't allow me to create the extension for this user, so I attempted to make this user a superuser from the postgres role:
postgres=> ALTER USER myuser WITH SUPERUSER;
ERROR: must be superuser to alter superusers
and I get the following error. This is because Google Cloud SQL does not allow the SUPERUSER role for any postgres accounts according to: https://cloud.google.com/sql/docs/postgres/users.
So I'm in this weird state of purgatory that I need to add this extension, but can't.
Any tips on how to proceed?
It looks like creating a new user through the API (or the console) will give it the proper permissions, at least according to the prompt when trying to add additional users through the console:
I'm trying to set up a Heroku environment for python development following instructions on https://github.com/heroku/python-getting-started. When I run createdb python_getting_started:
I'm first prompted to give in a password: I entered the password of the user "postgres" in Postgres
I get an error message:
createdb database creation failed: ERROR: permission denied to create database
Don't really how to solve this one. The user "postgres" is allowed to create a database. I checked with \du that it is a Superuser and it has Create DB rights. What's going on here? Which user is Windows using to try to create a Postgres DB?
Most PostgreSQL utilities by default use your current OS session login for database connections.
You need to either set environment variable PGUSER to postgres or use createdb -U postgres python_getting_started.
You can read more about createdb parameters here, tho admittedly it does not mention default values.
EDIT: It actually does mention that it uses libpq defaults, and those are:
user
PostgreSQL user name to connect as. Defaults to be the same as the operating system name of the user running the application.
This question already has answers here:
psql: FATAL: role "postgres" does not exist
(32 answers)
Closed 20 days ago.
I'm setting up Postgresql for use with a Rails app, but I do not seem to be able to connect to, or properly configure, the database (the errors I get after starting the Rails server are: ActiveRecord::NoDatabaseError and could not translate host name "MyProfile" to address: nodename nor servname provided, or not known).
I gather from the dozens of other questions on this topic that I need to switch to, or create the "MyComputer" role, however I've noticed that they all require using the psql command. When I run even just psql I, again, get the error FATAL: role "MyProfile" does not exist.
So far I've been following Heroku's instal process and am stuck here (or more accurately here, after the installation, where Heroku says that running psql -h localhost should work). Am I missing an obvious step here/doing something wrong?
I've also tried:
sudo su - MyProfile
variations of sudo -u postgres createuser owning_user
and a couple other commands in an effort to create this roll/user, but I can't seem to get done what I need to to resolve the issue.
EDIT
I've also run ps aux | grep postgres and it looks like all the PID's that are associated with anything postgres are running under "MyProfile" (assuming I'm reading it right). But the psql command still returns that the role does not exist. #sadface
EDIT 2
I just opened the Postgres App and clicked the "Open psql" button. It opened the Terminal, ran a command ('/Applications/Postgres.app/Contents/Versions/9.5/bin'/psql -p5432) and then gave me the same error (psql: FATAL: role "MyProfile" does not exist). Which perhaps suggests to me that it's an system issue, and not a Rails issue at all?
Edit 3
This is most certainly a pg issue, not a rails issue. I just uninstalled the app, reinstalled it using SQLite (yucks), ran the local server and got the test landing page to show up. So the problem appears to be with my local machine but not the app itself. Removed RoR tag, and still looking for answers from Postgres gurus on why the role issue persists :)
I ran into similar issues when setting a new Rails application with Postgresql. I got the following error messages below
FATAL: role "promisepreston" does not exist
Couldn't create 'MyBlog_development' database. Please check your configuration.
rails aborted!
ActiveRecord::NoDatabaseError: FATAL: role
Caused by:
PG::ConnectionBad: FATAL: role "promisepreston" does not exist
To solve this simply follow the solution below
First, we need to login to the postgres user account via the command line interface;
sudo su - postgres
Next, connect to the database server using the psql client, as the postgres role:
psql -U postgres
Welcome to psql 10.6, the PostgreSQL interactive terminal.
postgres#Preston-PC:~$ psql -U postgres
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.04.1))
Type "help" for help
postgres=#
Next, connected with the psql client, we’ll create a role with our desired rolename that has the LOGIN attribute and our desired password, and that can create databases and manage roles (N/B: Please do not type this postgres=#, since it's a placeholder):
postgres=# create role rolename with createdb login password 'password1';
Note the required trailing semicolon ( ; ) at the end of the SQL statement. The single-quotes ( ‘ ‘ ) are not part of the password, but must enclose it.
Did it work? You can check using \du command (N/B: Please do not type this postgres=#, since it's a placeholder):
postgres=# \du
You can now run the command to create the database for your Rails application;
rails db:create
And then also run the command to migrate the database for your Rails application;
rails db:migrate
That's all.
I hope this helps
What a mess...one thing that I forgot to mention that probably would have been astronomically helpful to the community is that I'm taking over someone else's machine. There were lingering settings that just decided they weren't going to play nice.
At the end of the day, I got rid of Postgress.app, installed postgres with Homebrew, and the balance of what I needed was here: http://exponential.io/blog/2015/02/21/install-postgresql-on-mac-os-x-via-brew/
Specifically the line that saved me was createdb 'whoami' (see the actual post...the syntax is a bit different than what I just wrote because of stackoverflow formatting)...in retrospect it seems obvious, but it helped my current logged in user overcome the presets of the other legacy user by actually creating the database that the psql the whole setup was looking for.
Lesson learned!
Thanks for the help #max, helped me avoid another issue I was about to cause as well!
If you are using Postgres.app you should leave out the username and password from config/database.yml. Also that error is telling you that you have entered MyProfile not as the user for (or role in PG parlance) but as the host for the database connection (instead of localhost).
This is really all you need in your config/database.yml to get Postgres.app running:
default: &default
adapter: postgresql
encoding: unicode
# For details on connection pooling, see rails configuration guide
# http://guides.rubyonrails.org/configuring.html#database-pooling
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
development:
<<: *default
database: myapp_development
test:
<<: *default
database: myapp_test
Its often a good idea to leave it stripped down and let the fool who absolutely has to have a password on his dev postgres server use the DATABASE_URL env var.
When I attempt to enable hstore on my database:
=> CREATE EXTENSION IF NOT EXISTS hstore;
ERROR: permission denied to create extension "hstore"
HINT: Must be superuser to create this extension.
My user is not a superuser, but is the owner of the database.
According to the CREATE EXTENSION docs:
Loading an extension requires the same privileges that would be required to create its component objects. For most extensions this means superuser or database owner privileges are needed. The user who runs CREATE EXTENSION becomes the owner of the extension for purposes of later privilege checks, as well as the owner of any objects created by the extension's script.
What is hstore doing that requires superuser privileges? Is it affecting parts of the cluster outside the database I'm adding it to?
Further confundity:
The DB user Heroku Postgres provides is not a superuser:
Heroku Postgres users are granted all non-superuser permissions on their database. These include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.
However, that user is able to CREATE EXTENSION hstore:
To create any supported extension, open a session with heroku pg:psql and run the appropriate command:
$ heroku pg:psql
Pager usage is off.
psql (9.2.4)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
ad27m1eao6kqb1=> CREATE EXTENSION hstore;
CREATE EXTENSION
ad27m1eao6kqb1=>
(For context, I'm attempting to set up a Dokku deployment, so the comparison to Heroku is especially important.)
The hstore extension creates functions that call code from an external dynamic object, which requires superuser privilege. That's why creating the hstore extension requires superuser privilege.
As for Heroku, it is my understanding that they are running with a special extension whitelisting module, which allows users to create certain extensions even though they are not superusers. I believe it is based on this code: https://github.com/dimitri/pgextwlist. You can try to install that code yourself if you want the same functionality in your databases.
ALTER USER myuser WITH SUPERUSER;
If you run this command from a superuser, this solves your CREATE EXTENSION issue. You may check your available users with \du to find a superuser.
This is not related to heroku.
This is how I solved this issue in ubuntu 18.04.
Provide postgres super user access.
sudo su postgres
Then I run:
psql -U postgres your_database_name -c 'create extension hstore;'
Now I can alter table your_database_name and add hstore type columns in it.
Connect to your database
psql -d your_database_name -U your_user_role
And
alter table your_table_name add your_column_name HSTORE;
Though there might be saveral different ways to do it, but I solve it in this way.
Hope this will help novice users like me.