$ psql --password --username=postgres template1
Password for user postgres:
psql (9.4.7)
Type "help" for help.
template1=#
I am able to log in no matter what I type for the password.
There could be a few different things going on, and it's hard to know which without knowing more about your configuration.
Specifically, you should look at your pg_hba.conf file for that database. The most likely situation is that you have a line that looks something like:
local all postgres trust
That line will allow: anyone who has command-line access to the server (local) to log into any database (all) as the postgres user (postgres) without password authentication (trust).
If you have a line like that, that's your problem. You can change trust to md5 (or something else -- see this documentation page for more options), and that will start enforcing passwords for local database access.
If you don't see a line like that, there's something else going on.
Related
I have just installed Postgres 12 on a Mac. As you may soon appreciate I am totally new to it.
During the installation process I was asked to provide a "password". I do not remember specifically, but I think it was for the some sort of admin role.
Now I want to create my first database. Reading the documentation I insert the command
createdb myfistdb
the system asks for a password. I give the one I set during the installation processes but I got the following error
createdb: error: could not connect to database template1: FATAL: password authentication failed for user "myusername"
where myusername is the user I am logged in.
The same happens if I give the system password of myusername.
I understand that my question is pretty basic, but I have been struggling quite some time without any success, so any help will be appreciated.
The database uset name used by createdb defaults to the operating system user name, so you'll have to specify the administrative superuser explicitly:
createdb -U postgres myfistdb
I want to export everything(users, roles, object definitions, data) from my PostgreSQL and restore it into another server. How can I do that?
I try to use
pg_dumpall -U postgres -g > out.sql
but file out.sql is empty. Can someone explain me why this happens?
When I try:
pg_dumpall -U postgres > out.sql
PostgreSQL just didn't want to accept password for "postgres".
I prefer to do this job from (windows) command line(it is not problem and with linux command, I can translate them). And if there is nice pgAdmin way to do it, I will happy to learn it, too.
P.S: My password for "postgres" is correct (I try to login with "psql -U postgres" and there is no problem)
Update: I try with user different than "postgres"(in this case rsmn):
pg_dumpall -U rsmn > out.sql
I have following error:
pg_dumpall: query failed: ERROR: permission dneied for relation
pg_authid pg_dumpall: query was: SELECT oid, rolname, rolsuper,
rolinherit, rolcreaterole, rolcreatedb, rolcanlogin, rolconnlimit,
rolpassword, rolvalidunil, rolreplication, rolbypassrls,
pg_catalog.shobj_description(oid, 'pg_authid') as rolcomment, rolname
= current_user as is_current_user FROM pg_authid WHERE rolname !~ '^pg_' ORDER BY 2
User privileges(This user is only one beside "postgres"):
The attempt with user rsmn fails because it is not a superuser and cannot export the user passwords.
It remains to figure out why pg_dumpall -U postgres fails for you.
For that, the first thing would be to check the PostgreSQL server log. I am not sure where that is on your system, you should check the settings in postgresql.conf (logging_collector, log_destination, log_directory, log_filename). Probably it is in the Windows Event Log.
The log message will tell you what is wrong.
It could well be a problem with the pg_hba.conf file – if so, modern PostgreSQL versions will tell you which line was used.
For debugging purposes, you can try to change the relevant line to trust authentication so that no password is requested (but don't leave it that way, or everybody can connect as user postgres without password!).
If you are trying to do it under the *nix and your server is installed localy, you may not to use ident mode instead of password:
sudo su postgres
pg_dumpall > out.sql
I need to run multiple commands on an AWS Postgres RDS instance I have. I don't want to enter the password each time. I'm trying to use the .pgpass file but I'm running into errors. The first time I ran into an error which said 'role "ubuntu username" does not exist'. I logged in as the postgres user and created that username. After this, the error I get said database does not exist. I have a feeling these errors have nothing to do with trying to connect to the AWS RDS instance.
psql --host=<awshost> --port=5432 --username=<awsrdsusername> --password --dbname=<dbname asks for a password and then logs me in after I enter it. Now I put a file in /home/<ubuntuusername> called .pgpass which has <awshost>:5432:<dbname>:<awsrdsusername>:<password>. Permissions for this file are set to 0600. Now when I run psql from the terminal and that produces the error - psql: FATAL: role "<ubuntuusername>" does not exist. These steps are as outlined on this page.
Can someone help me with the steps to get a pgpass file to connect to an AWS RDS instance?
.pgpass doesn't provide connection information. You seem to expect that after you create a .pgpass file, you can run psql without arguments and it'll know where to connect. That is not the case.
The hostname, port, etc you put in .pgpass are there so that PostgreSQL knows which line to look at when matching the connection info to find its password.
If you had to run:
psql -h something
to connect without a .pgpass file, you still have to run the same thing to connect with a .pgpass file.
If you run psql without arguments it'll connect to the local PostgreSQL (if any), using the current unix username as the postgresql username and the database to connect to. That's why you get the error you do.
If you want to change the default connection, you can use environment variables like PGHOST, PGPORT, etc, and/or a .pgservice.conf file.
See the manual to learn more.
How can I set up multiple authentication methods for the same host/database/user rule? I want to be able to log in to my postgres user using both sudo -u postgres psql -U postgres (without having to enter a PostgreSQL password) and psql -U postgres --password. Something like the following in pg_hba.conf:
local all postgres md5
local all postgres peer
I can only get one method or the other working at the same time.
Thanks.
(I am using PostgreSQL 9.1).
Nope. Only one auth method is supported for any given configuration.
I'd love it if Pg could support fall-back authentication, where if an ident check fails it allows md5 auth instead. It doesn't support this at the moment, though, and I suspect (I haven't verified) that a protocol change would be required to support it.
What you can do is store the password in a $HOME/.pgpass file for the postgres system user. Give it mode 0600 so it's only readable by the postgres user and by root, both of whom can get direct access to the database files and configuration anyway. That way you get easy admin and md5 auth. On some systems you may have to set and create a home directory for the postgres user before you can do this. See getent passwd postgres to see if if the postgres user has a homedir and if so, where it is.
(UPDATE: used to read $HOME/.psqlrc - which is useful, but .pgpass is suitable for password storage)
I have a fabric script that dumps database on server. And I can use it on multiple servers with the PostgreSQL database. The command is simple:
sudo("su postgres -c \"PGPASSWORD=%s pg_dump %s > /tmp/telemedia_newdb\""
% (HOST_SOURCE_DB_UPASS,HOST_SOURCE_DB))
But sometimes, Postgres does not ask for a password at all ...
Will this command fail without a password prompting from Postgres? (Or I know that it will not prompt and HOST_SOURCE_DB_UPASS=''). I want THIS code to work with or without password.
It all depends on how you set up access to your database in pg_hba.conf. There is a separate config file per database cluster (effectively per port) and settings can be different from database to database.
So, yes, if you have set it up that way, then the system user postgres will have password-less access to some databases but is prompted to enter a password for others. The default is that the system user postgres has password-less access to every database as database user of the same name (postgres).
If you provide a password in the command with the environment variable PGPASSWORD, but no password is needed, it will be ignored silently.
However, I quote the manual here:
PGPASSWORD (...) Use of this environment variable is not recommended for security reasons.
You can use a password file to provide passwords automatically (.pgpass on Unix systems). pg_dump will use it.
Finally, consider the command line options:
--no-password
--password
to force pg_dump to either prompt or not prompt for a password. If a password is required but disabled by --no-password, pg_dump will fail.
I would enable password-less access for the system user postgres to every database in the config file pg_hba.conf. Use peer or ident authentication methods. Then you don't have to provide a password and the script will always work:
local all postgres ident
Your script would be simplified to (untested):
sudo("su postgres -c \"pg_dump %s > /tmp/telemedia_newdb\"" % (HOST_SOURCE_DB))