I'm using PostgreSQL on Cloude9. I'm trying to run a nodejs program which creates a schema in a database and then creates some tables in the schema. Here is what I'm trying to do and the error I get:
CREATE SCHEMA IF NOT EXISTS salesforce;
CREATE TABLE IF NOT EXISTS salesforce.contact (
id BIGSERIAL,
firstName TEXT,
lastName TEXT,
email TEXT,
mobilePhone TEXT,
leadsource TEXT,
accountid TEXT,
pictureURL__c TEXT,
preference__c TEXT,
size__c TEXT,
loyaltyid__c TEXT,
password__c TEXT,
createddate timestamp
);
Error initializing Postgres tables initialized
{ [Error: permission denied for schema salesforce]
severity: 'ERROR',
code: '42501',
file: 'aclchk.c',
line: '3371',
routine: 'aclcheck_error' }
the PostgreSQL is running under user postgresql, I'm running under user ubuntu, but I granted all privileges on the database to user ubuntu.
I also edited the pg_hba.conf file to:
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
what am I doing wrong?
Thanks,
Nir.
started all from scratch and after creating a role with superuser and login options, it worked fine.
Related
I have a PostgreSQL database. I have a library that accesses said database. I have test code to test that library.
Previously everything worked fine, but this morning my test logs have errors like this:
ERROR: permission denied for table configuration
In an attempt to narrow down the problem I created a script to recreate the database and all permissions from scratch. It is based upon countless similar scripts I have used previously. It starts like this:
DROP DATABASE boards_db;
DROP OWNED BY test_user;
DROP USER test_user;
CREATE USER test_user WITH PASSWORD 'testing';
CREATE DATABASE boards_db WITH ENCODING='UTF8' OWNER = test_user;
\c boards_db
GRANT ALL PRIVILEGES ON DATABASE boards_db to test_user;
ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO test_user;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO test_user;
CREATE TABLE IF NOT EXISTS sessions (
user_id INTEGER PRIMARY KEY,
admin BOOLEAN NOT NULL,
session_id TEXT
);
In trying to debug this issue I foolishly meddled with the pg_hba.conf file. It now looks as below, and I can now log on as the test user (or other users) without specifying a hostname, thanks to the line "local all all md5" that I added
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
However, I STILL cannot actually do anything with any of the tables in the database.
$ psql -W -U test_user -d boards_db
Password:
psql (12.9 (Ubuntu 12.9-0ubuntu0.20.04.1))
Type "help" for help.
boards_db=> select * from sessions;
ERROR: permission denied for table sessions
The trick of setting default privileges before creating all the tables etc. has worked before in a multitude of database. Why doesn't it work here? Why can test_user not access the tables?
I'm trying to configure my PostgreSql database ("mydb") in order to give login rights to the windows "LocalSystem" account.
I've created a user in my database named LocalSystem
SQL> CREATE USER LocalSystem;
Then, I've tried using SSPI config in pg_hba.conf, but maybe I've misconfigured the configuration line:
# TYPE DATABASE USER ADDRESS METHOD
host mydb LocalSystem 127.0.0.1/32 sspi
When I run a command using psql, I'm asked to provide a password...which i didn't expect..
EDIT:
I've also tried to map my domain account to a postgres user, using
pg_ident.conf
#MAPNAME SYSTEM-USERNAME PG-USERNAME
postgresname domain\username postgresname
pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
host mydb postgresname 127.0.0.1/32 sspi
Does someone know what should I do?
Thanks
It asks for the password of the Postgres account, not the Windows account. you can set the Postgres password through ALTER ROLE or in psql using the \password command
You need to add new mapping line to pg_ident.conf:
anyMappingName "SYSTEM#NT AUTHORITY" postgresUserName
Add this mapping to all active lines in pg_hba.conf:
host mydb all 127.0.0.1/32 sspi map=anyMappingName
Then you should connect to postgres db as postgresUserName user. I mean you should define Username in your connection string, and also define IntegratedSecurity as TRUE.
For example, postgresUserName can be "LocalSystem" user, that you created in postgres db earlier, or superuser "postgres".
Hello i am a beginner to postgresql, I am unable to connect Postgresql database on linux system from windows through pgadmin client . I am getting the following error
FATAL: no pg_hba.conf entry for host "192.168.1.42", user "postgres", database "postgres", SSL off
Kindly suggest me how to do.Thanks in advance
On the db server, edit your pg_hba.conf file and add a line similar to this:
host all all 192.168.1.42/32 md5
If you don't want to use a password (I won't get into the security aspects), you can switch the "md5" for "trust". If you only want to allow the postgres user access to the postgres maintenance database, then switch both "all" words with "postgres" (no quotes).
You'll need to reload the config files after making any changes.
Eg.
pg_ctl reload
or
select pg_reload_conf(); -- as the superuser
If you don't know which pg_hba.conf file your database cluster is using, if you can connect to any of the databases, issue select current_setting('hba_file');
by default, postgresql deny all connexion if it's not from "localhost"
here is a link for you :
https://wiki.debian.org/PhpPgAdmin
So this is super strange. I'm trying to do a simple select using dblink as such:
SELECT * FROM dblink('dbname=my_db_name, user=my_user,
password=password, hostaddr=127.0.0.1', 'SELECT action, object,
created_at, id FROM my_table') AS de(ACTION VARCHAR, OBJECT VARCHAR,
created_at TIMESTAMP, id INT)
And I immediately am getting an error message of:
PG::SqlclientUnableToEstablishSqlconnection: ERROR: could not
establish connection DETAIL: FATAL: role "my_user," does not exist
But if I connect to psql locally and print out the list of users using \du you'll see it's listed:
List of roles
Role name | Attributes | Member of
---------------+------------------------------------------------+-----------
MyName | Superuser, Create role, Create DB, Replication | {}
my_user | Create DB | {}
I'm really at a loss as to how to fix this, googling hasn't helped me much at all either. Any thoughts as to why it's giving me this error message?
When I connect using my superuser account I don't need to specify a password and the dblink runs fine, so I'm quite confused. Here is by pg_hba.conf:
local all all trust
local all all md5
host all all 192.168.33.1/24 trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 trust
host all all ::1/128 md5
Thanks in advance!
Try removing the commas from the connection string.
SELECT * FROM dblink('dbname=my_db_name user=my_user password=password hostaddr=127.0.0.1', 'SELECT action, object, created_at, id FROM my_table') AS de(ACTION VARCHAR, OBJECT VARCHAR, created_at TIMESTAMP, id INT)
This should fix the issue where it tries to authenticate as my_user,.
Secondly, your pg_hba configuration is an issue. Because you have the 'trust' method first, it will be used. Either try placing the 'md5' entries before the 'trust' entries, or remove the 'trust' entries. (Set a password for your own postgres account first, so that you can still authenticate once passwords are required.)
The reason for the second issue is that if 'trust' is enabled for the hostname you're connected from, it will authenticate the user without requiring a password, and since non-superusers cannot connect without a password, it will fail to connect.
Finally, the user running the query that calls dblink must be authenticated using a password. So if you're using 'trust' authentication to connect to the database, then running dblink, you will also get an error. To fix this, change to md5 authentication and connect using a password.
You're using commas in the connection string. The error message says:
FATAL: role "my_user," does not exist
Which indicates the exact error in this case. This is not the way do do it. You should only space separate the items in the connection string like:
SELECT * FROM dblink('dbname=my_db_name user=my_user password=password hostaddr=127.0.0.1', 'SELECT action, object, created_at, id FROM my_table') AS de(ACTION VARCHAR, OBJECT VARCHAR, created_at TIMESTAMP, id INT)
I want to do some cross database references in my application. Briefly, i have two databases called meta and op. I want to do some select query from meta to a table in op database like below but getting the below error. I tried with password and without password. by the way caixa user is a non-super user and my target server (op db server is having MD5 authentication mode.)
meta=> select * from dblink('dbname=op password=caixa','SELECT op_col from op_table') AS t(op_col varchar);
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
What the HINT in the above error message suggests? do i need to change the server's auth mode? Without changing the server's auth mode (MD5) can't i run the above query?
From documentation:
Only superusers may use dblink_connect to create
non-password-authenticated connections. If non-superusers need this
capability, use dblink_connect_u instead.
and
dblink_connect_u() is identical to dblink_connect(), except that it
will allow non-superusers to connect using any authentication method.
That means your dblink call is using dblink_connect implicitly. Use dblink_connect_u instead or change your auth method to e.g. md5.
Note that you also need grant execute privilege to caixa role, for example by:
GRANT EXECUTE ON FUNCTION dblink_connect_u(text) TO caixa;
GRANT EXECUTE ON FUNCTION dblink_connect_u(text, text) TO caixa;
Working example (after GRANT):
meta=> SELECT dblink_connect_u('conn1', 'dbname=op');
meta=> SELECT * FROM dblink('conn1','SELECT op_col from op_table')
AS t(op_col varchar);
op_col
--------
aaa
bbb
ccc
(3 rows)
meta=> SELECT dblink_disconnect('conn1');
EDIT:
Sorry for slightly misleading answer. Of course you don't need dblink_connect_u for md5 authenticated
connection. There is one possibility I see. PostgreSQL has two different connection types: host and local.
Running:
psql -h localhost ..
incorporates host connection, but
dblink_connect('mycon','dbname=vchitta_op user=caixa password=caixa');
uses local type, so if you have non-password method for local connection (for example ident method or trust), then it returns
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
Check
dblink_connect('mycon','hostaddr=127.0.0.1 dbname=vchitta_op user=caixa password=caixa')
for host connection. For clarity if possible please post your pg_hba.conf.
I also checked what about CONNECT privilege on vchitta_op DB, but error message is different:
REVOKE CONNECT ON DATABASE vchitta_op FROM PUBLIC;
REVOKE CONNECT ON DATABASE vchitta_op FROM caixa;
SELECT dblink_connect('mycon','dbname=vchitta_op user=caixa password=caixa');
ERROR: could not establish connection
DETAIL: FATAL: permission denied for database "vchitta_op"
DETAIL: User does not have CONNECT privilege.
There's a workaround that did the trick for me. Non-superusers can execute functions with privileges of a superuser if "SECURITY DEFINER" option is set.
( http://www.postgresql.org/docs/9.1/static/sql-createfunction.html )
That means you can create a function (with superuser owner and SECURITY DEFINER option) that does cross-database manipulation (using dblink() without password) and execute it under non-superuser
I have a similar but a different issue. I have two servers with identical postgres.conf and pg_hba.conf. However one on version 9.2.3 and one on 9.2.4
9.2.3
pg_hba.conf has
local all dblinkuser trust
then I connect to database using any ordinary user
theater_map=# select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
dblink_connect
----------------
OK
(1 row)
success in connection.
9.2.4
my pg_hba.conf has the same entry as above
theater_map=> select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
NOW
I change my pg_hba.conf on 9.2.4 as below
local all dblinkuser md5
and restart postgres
theater_map=> select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
dblink_connect
----------------
OK
(1 row)
I Checked the change log between versions 9.2.3 and 9.2.4 but could not find any details.
note: changing auth method from trust to md5 on 9.2.3 does not make any difference and still works.
I found this question googling for same error message, though I use fdw extension rather than db_link. Following steps helped to fix my problem:
find user has no password and set it on - alter user myuser with password 'mypassword'
find authentication method is trust and set it to md5 - vim /var/lib/postgresql/data_/pg_hba.conf
reload pg_hba.conf - SELECT pg_reload_conf(); from psql (log out and log in to verify password is required)
(optionally try access from remote machine, db browser etc.)
setup foreign server and its user mapping - CREATE USER MAPPING FOR CURRENT_USER SERVER myserver OPTIONS (user 'myuser', password 'mypassword');
PostgreSQL 11.10
SELECT ext.column1 from
dblink('hostaddr=192.192.192.192 dbname=yourDbname user=yourUsername password=yourpass',
'select a."column1" from "Table1" a where a."column2"=2')
as ext(column1 text)