postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication | {}
shorturl | Superuser | {}
postgres=# create database shorturl;
CREATE DATABASE
postgres=# \c shorturl;
You are now connected to database "shorturl" as user "postgres".
shorturl=#
My preference was to use database shorturl being the user shorturl and not postgres. How do I change the same?
Thanks in advance.
When you display the psql online help by entering \? you can see:
Connection
\c[onnect] {[DBNAME|- USER|- HOST|- PORT|-] | conninfo}
connect to new database (currently "postgres")
So you need to use:
\c shorturl shorturl
Another option, if you're already connected to database shorturl, is the command:
SET ROLE shorturl;
The benefits of that command are that it's not tied to psql, and that you can change user "midstream" of your work.
Related
I have a requirement where I need to have two users as database owner. I have created a role of db owner and assigned the role to two users. Now either of the users are able to drop the database. What is missing here?
mydb=> SELECT d.datname as "Name",
mydb-> pg_catalog.pg_get_userbyid(d.datdba) as "Owner"
mydb-> FROM pg_catalog.pg_database d;
Name | Owner
-----------+-----------
mydb | mydb_role
(1 row)
mydb=> \du
List of roles
Role name | Attributes | Member of
----------------------+------------------------------------------------------------+-------------------------------------------------------------
mydb_role | Create DB, Cannot login | {}
mydb_user | | { mydb_role}
mydb_user_clone | | { mydb_role}
ubuntu#ip-10-69-163-164:~$ psql -U mydb_user_clone -d postgres
psql (13.4 (Ubuntu 13.4-4.pgdg20.04+1), server 13.3)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=> DROP DATABASE mydb WITH (FORCE);
ERROR: must be a member of the role whose process is being terminated or member of pg_signal_backend
postgres=>
Below commands are used to create user and role
CREATE ROLE mydb_role nologin;
ALTER DATABASE mydb OWNER TO mydb_role;
GRANT mydb_role TO mydb_user;
GRANT mydb_role TO mydb_user_clone;
Because you have not enough permission to terminate a backend process.
Your db user must be a member of the pg_signal_backend role to terminate another database user's process, OR you have to use another user with the superuser privilege.
initially I have
Role name | Attributes | Member of
------------+------------------------------------------------------------+-----------
hezhenghao | Create DB | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
and I typed
postgres=# REASSIGN OWNED BY hezhenghao to postgres
postgres-# ;
REASSIGN OWNED
postgres=# REASSIGN OWNED BY hezhenghao to postgres; REASSIGN OWNED
postgres=# DROP OWNED BY hezhenghao;
DROP OWNED
postgres=# DROP USER hezhenghao;
DROP ROLE
Now there is only one user
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
However when I type psql in terminal, I still got asked to Password for user hezhenghao:
and then I would end up with psql: FATAL: password authentication failed for user "hezhenghao"
I am new to postgres so I don't really understand what's going on here. Can someone help me with this?
If you don't specify a user with -U then psql will default to the username of the user currently logged in. In this case, it sounds like that user is hezhenghao. Use -U postgres to log in as the postgres user.
I have created a new user with superuser role the rentdb, when i try to drop i will get there is dependency with it relating to some pg functions.
Is there a way i can delete rentdb completely.
postgres-# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
rentdb | Superuser | {}
As documented in the manual you can either drop everything that the user owns:
drop owned by rentdb cascade;
or assign those objects to a different user:
reassign owned by rentdb to postgres;
Code:
postgres=# create role hello;
CREATE ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
hello | Cannot login | {}
postgres | Superuser, Create role, Create DB, Replication | {}
postgres=# ALTER ROLE hello WITH LOGIN;
ALTER ROLE
postgres=# ALTER ROLE hello WITH CREATEDB;
ALTER ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
hello | Create DB | {}
postgres | Superuser, Create role, Create DB, Replication | {}
postgres=# ALTER ROLE hello WITH PASSWORD '123';
ALTER ROLE
postgres=# \q
-bash-4.2$ logout
[root#host test_user]# psql -U hello
Password for user hello:
psql: FATAL: database "hello" does not exist
I am trying to create a role named hello in Postgres with CREATE ROLE and changed it's permission for logging in and created database. However, when I try to login with -U it shows me the above. Is my understanding wrong here for -U?
By default, another assumption that the Postgres authentication system
makes is that there will be an database with the same name as the role
being used to login, which the role has access to.
See here:link for more info.
After creating the database, you can then do:
sudo -u hello psql
to log in to the shell automatically.
so i ran into a similar issue, Basically what postgres is expecting is a database that you want to choose,
And when you run the command
psql -U hello
It is assuming that you are trying to access hello database,
But by default only postgres db is created .
Try this command instead
psql -U hello postgres
In Google's SQL Cloud Postgres service, when I create a database via the Web Console for a PostgreSQL instance, it automatically sets the owner of the database's default "public" schema to be cloudsqladmin. It seems I cannot change the ownership:
mydb=> \dn
List of schemas
Name | Owner
--------+---------------
public | cloudsqladmin
(1 row)
mydb=> alter schema public owner to postgres;
ERROR: must be owner of schema public
mydb=> \du
List of roles
Role name | Attributes | Member of
-------------------+------------------------------------------------+---------------------
cloudsqladmin | Superuser, Create role, Create DB, Replication | {}
cloudsqlagent | Create role, Create DB | {cloudsqlsuperuser}
cloudsqlreplica | Replication | {}
cloudsqlsuperuser | Create role, Create DB | {}
pg_signal_backend | Cannot login | {}
postgres | Create role, Create DB | {cloudsqlsuperuser}
mynewuser | Create role, Create DB | {cloudsqlsuperuser}
I also created a "mynewuser" through the web console, and cannot remove the "mynewuser" from the "cloudsqlsuperuser" group:
mydb=> alter group cloudsqlsuperuser drop user mynewuser;
ERROR: "cloudsqlsuperuser" can't be altered
If I wanted to create a database with a public schema that only a new user has access to (and owns), should I be doing this outside of the Google web ui? It seems like any databases I create are owned by cloudsqladmin, and any users I create are those "cloudsqlsuperuser" members. If I wanted to restrict permissions for a user, should I create that user normally via psql and bypass the web ui altogether?
From my experience, you seem to have to bypass the web ui / cli tool entirely.
When you create a database through the cli tool:
gcloud sql databases create DBNAME --instance INSTANCE
It assigns ownership to cloudsqlsuperuser, same as through the gui from the sounds of it.
When I have created a user specifically through the CLI tool:
gcloud sql users create USER 'host' --instance INSTANCE
Those users get the same permissions as cloudsqlsuperuser. In this case, it is possible to alter the ownership of the database. I had success through psql command connecting as the user I wanted to own the database and running:
ALTER DATABASE database OWNER TO user;
However if the user was created via psql (not glcoud cli), then the permission are not the same and the above failed.
I'd be tempted to create your instance, set the 'postgres' users password through the tool, then psql into the instance from there and do everything you need via sql commands. I think the tool does some things very nicely (as does the UI), but its a pain later on.
If anyone knows better, I'd love to hear how you can work with the default gcloud user.
Basically what happens here is that a usual CREATE DATABASE statement seems to create a new database based on the template0 database. This database is owned by cloudsqladmin. A role only Google has access to. When the gcloud or web GUI is used, it executes the following query:
CREATE DATABASE mydb TEMPLATE template1;
For template1 the owner is set to cloudsqlsuperuser a role that gets assigned to the postgres user, and other users created through the GUI.
So if you would like to create a database using sql with the appropriate privileges, just execute the statement above, and your public schema will then be owned by the cloudsqlsuperuser, and can be altered using the default postgres user, or other users created through the web GUI.
Connect to the database mydb by owner user (for exaple, it is mynewuser).
If you want to change the public schema owner, first you should make the user postgres owner of your database mydb:
mydb=> ALTER DATABASE mydb OWNER TO postgres;
After that, you can change the public schema owner:
mydb=> ALTER SCHEMA public OWNER TO postgres;
Besides, to remove your mynewuser from the cloudsqlsuperuser group (role) use:
mydb=> REVOKE cloudsqlsuperuser FROM mynewuser;
Note: The default postgres user in Google Cloud Platform's (GCP) Cloud SQL (PostgreSQL) is not a superuser of the instance. Also, all users created from the GCP web UI have cloudsqlsuperuser role by default, and the following attributes (privileges): CREATEROLE, CREATEDB and LOGIN. They don't have the SUPERUSER or REPLICATION attributes.