I want to backup my postgresql database with a automatic backup program and that program only support a script line that backup with pg_dump.
I can't provide password in this script so I changed method from pg_hba.conf file from md5 to trust so that it won't ask for password and I used --no-password option.
How can I change this to md5 and provide password for it.
I would use a .pgpass file or use the peer authentication method. Details here:
Run batch file with psql command without password
Related
My main concern is having passwords in the script (Postgres function), I am looking for a solution that how can avoid using passwords in Postgres functions.
I have a problem with using dblink_connect() in my function.
When I provide the password in the connection string, there is no problem, but when I don’t, it says:
ERROR: could not establish connection
DETAIL: fe_sendauth: no password supplied
However the .pgpass file in the path /var/lib/postgres/.pgpass does contain the proper password.
I have tried to connect to another database in the same server using dblink with psql from bash with the following command:
psql –h localhost –U myuser –w remote_db_name
It works fine.
My .pgpass file does have the line:
Localhost:5432:*:myuser:mypassword
It seems the psql finds the proper password in the .pgpass file but dblink doesn’t.
So I forgot the password of the postgres user on my PostgreSQL server. I then changed all the md5 settings in the pg_hba.conf file to trust, restarted the server and then changed the password of the postgres user using ALTER USER postgres.... Now I changed the trust settings back to md5, restarted the server again, but when I now want to perform psql -U postgres it immediately returns an error:
psql: FATAL: password authentication failed for user "postgres"
password retrieved from file "/root/.pgpass"
without asking me to enter any password. The .pgpass file has the following line in it:
*:*:*:postgres:SOME_HASH
EDIT:
Somehow this only appears when logging in as root to my server... With my other user it works just fine...
The immediate solution is to remove the .pgpass file that contains the wrong password. If you didn't create that file yourself, odds are that pgAdmin did that for you when you told it to save the password.
If you specify '-W', then psql will prompt you for a password and ignore the .pgpass file. But why not fix .pgpass, or if you aren't using it, then remove it?
I need to run multiple commands on an AWS Postgres RDS instance I have. I don't want to enter the password each time. I'm trying to use the .pgpass file but I'm running into errors. The first time I ran into an error which said 'role "ubuntu username" does not exist'. I logged in as the postgres user and created that username. After this, the error I get said database does not exist. I have a feeling these errors have nothing to do with trying to connect to the AWS RDS instance.
psql --host=<awshost> --port=5432 --username=<awsrdsusername> --password --dbname=<dbname asks for a password and then logs me in after I enter it. Now I put a file in /home/<ubuntuusername> called .pgpass which has <awshost>:5432:<dbname>:<awsrdsusername>:<password>. Permissions for this file are set to 0600. Now when I run psql from the terminal and that produces the error - psql: FATAL: role "<ubuntuusername>" does not exist. These steps are as outlined on this page.
Can someone help me with the steps to get a pgpass file to connect to an AWS RDS instance?
.pgpass doesn't provide connection information. You seem to expect that after you create a .pgpass file, you can run psql without arguments and it'll know where to connect. That is not the case.
The hostname, port, etc you put in .pgpass are there so that PostgreSQL knows which line to look at when matching the connection info to find its password.
If you had to run:
psql -h something
to connect without a .pgpass file, you still have to run the same thing to connect with a .pgpass file.
If you run psql without arguments it'll connect to the local PostgreSQL (if any), using the current unix username as the postgresql username and the database to connect to. That's why you get the error you do.
If you want to change the default connection, you can use environment variables like PGHOST, PGPORT, etc, and/or a .pgservice.conf file.
See the manual to learn more.
How can I set up multiple authentication methods for the same host/database/user rule? I want to be able to log in to my postgres user using both sudo -u postgres psql -U postgres (without having to enter a PostgreSQL password) and psql -U postgres --password. Something like the following in pg_hba.conf:
local all postgres md5
local all postgres peer
I can only get one method or the other working at the same time.
Thanks.
(I am using PostgreSQL 9.1).
Nope. Only one auth method is supported for any given configuration.
I'd love it if Pg could support fall-back authentication, where if an ident check fails it allows md5 auth instead. It doesn't support this at the moment, though, and I suspect (I haven't verified) that a protocol change would be required to support it.
What you can do is store the password in a $HOME/.pgpass file for the postgres system user. Give it mode 0600 so it's only readable by the postgres user and by root, both of whom can get direct access to the database files and configuration anyway. That way you get easy admin and md5 auth. On some systems you may have to set and create a home directory for the postgres user before you can do this. See getent passwd postgres to see if if the postgres user has a homedir and if so, where it is.
(UPDATE: used to read $HOME/.psqlrc - which is useful, but .pgpass is suitable for password storage)
I have a fabric script that dumps database on server. And I can use it on multiple servers with the PostgreSQL database. The command is simple:
sudo("su postgres -c \"PGPASSWORD=%s pg_dump %s > /tmp/telemedia_newdb\""
% (HOST_SOURCE_DB_UPASS,HOST_SOURCE_DB))
But sometimes, Postgres does not ask for a password at all ...
Will this command fail without a password prompting from Postgres? (Or I know that it will not prompt and HOST_SOURCE_DB_UPASS=''). I want THIS code to work with or without password.
It all depends on how you set up access to your database in pg_hba.conf. There is a separate config file per database cluster (effectively per port) and settings can be different from database to database.
So, yes, if you have set it up that way, then the system user postgres will have password-less access to some databases but is prompted to enter a password for others. The default is that the system user postgres has password-less access to every database as database user of the same name (postgres).
If you provide a password in the command with the environment variable PGPASSWORD, but no password is needed, it will be ignored silently.
However, I quote the manual here:
PGPASSWORD (...) Use of this environment variable is not recommended for security reasons.
You can use a password file to provide passwords automatically (.pgpass on Unix systems). pg_dump will use it.
Finally, consider the command line options:
--no-password
--password
to force pg_dump to either prompt or not prompt for a password. If a password is required but disabled by --no-password, pg_dump will fail.
I would enable password-less access for the system user postgres to every database in the config file pg_hba.conf. Use peer or ident authentication methods. Then you don't have to provide a password and the script will always work:
local all postgres ident
Your script would be simplified to (untested):
sudo("su postgres -c \"pg_dump %s > /tmp/telemedia_newdb\"" % (HOST_SOURCE_DB))