So I want to import a database schema but it fails. PostgreSQL Version is 9.5.11. Maybe the command is outdated? The user "user" is already set up. Do I need to pass a password additionally in the command?
postgres#root:~$ psql -d database -U user -f createdb.sql
psql: FATAL: Peer authentication failed for user "user"
In postgresql by default if you connect using unix socket the authentification is done with the peer method, this means you must use the same login unix and postgresql user. Here you try to user the user user but when running psql with the unix user postgres so it won't work. There is many different solutions, do you action as user postgres under postgres and then change the ownership later, or create a unix user calles user and do the action with it. You may define a password for the user postgres and connect on the loopback too. But if you don't understand how pg_hba.conf works it's not a good idea to modify it.
Related
So I have PostgreSQL installed fine, and am trying to run the createdb 'test' command in the Terminal. I am on my normal user account. When trying to create the database, I am asked for a password twice, then I get the error message createdb: error: could not connect to database template1: FATAL: password authentication failed for user "sethmarks". Does this mean I entered the incorrect password or that I do not have permission to create databases under this user? I am getting confused and frustrated by this and would like to know what is going on. I am entering the password I use for the OS user I am currently logged into.
I am able to create a database when I do sudo su - postgres and then create it when I am doing it under the Postgres user, but that is not going to work with my program. Can anybody help me figure this out?
I included a picture of the terminal to show the process and what happens when attempting to create a new db. Thank you very much.
It depends on the privileges that have been granted to your user account and which privileges have been granted to PUBLIC.
You can query some privileges with psql \du meta command for the current user.
In your case you need at least to run as superuser:
grant connect on database template1 to sethmarks;
I don't exactly why password is requested twice: this is not caused by wrong password: I have the same behaviour but I need to give the database user password not the OS user password.
I just installed Firebird for Win64, and I was trying to connect to the employee database which comes pre-packaged with ISQL.
Following the steps from the Firebird official QuickStart Documentation I opened the ISQL utility and entered:
connect localhost:employee user sysdba password masterkey;
As a result I got:
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
Strangest thing is that if I navigate to the employee database sample itself and issue the isql command from there I can successfully connect.
The difference is that connecting directly to a database file doesn't require a password, it will even ignore the password, and just use the provided user to know which privileges to apply.
Without a hostname, ISQL will by default use Firebird embedded mode, and not the server. To compare, try using isql employee.fdb (or isql employee), it will just login with your current OS username, while isql localhost:employee will fail with a 'Your user name and password are not defined'.
It looks like you specified a different password than the default of masterkey, or somehow the sysdba account wasn't initialized. I recall there was a problem with the installer of an earlier Firebird 3 version, but I don't think 3.0.2 should be affected by this (or at least: it worked for me).
If the SYSDBA account wasn't initialized, then follow the steps of the Firebird 3 release notes, section Initializing the Security Database:
Initialization Steps
Initialization is performed in embedded mode using the isql utility.
For an embedded connection, an authentication password is not required
and will be ignored if you provide one. An embedded connection will
work fine with no login credentials and “log you in” using your host
credentials if you omit a user name. However, even though the user
name is not subject to authentication, creating or modifying anything
in the existing security database requires that the user be SYSDBA;
otherwise, isql will throw a privilege error for the CREATE USER
request.
The SQL user management commands will work with any open database.
Because the sample database employee.fdb is present in your
installation and already aliased in databases.conf, it is convenient
to use it for the user management task.
Stop the Firebird server. Firebird 3 caches connections to the security database aggressively. The presence of server connections may
prevent isql from establishing an embedded connection.
In a suitable shell, start an isql interactive session, opening the employee database via its alias:
> isql -user sysdba employee
Create the SYSDBA user:
SQL> create user SYSDBA password 'SomethingCryptic';
SQL> commit;
SQL> quit;
To complete the initialization, start the Firebird server again. Now you will be able to perform a network login to databases,
including the security database, using the password you assigned to
SYSDBA.
Where 'SomethingCryptic', should be your password.
If a SYSDBA user was created, you will need to change its password if you no longer remember what you set. Follow the same steps, but in step 3 do:
SQL> alter user SYSDBA set password '<new password>';
SQL> commit;
SQL> quit;
If this gives an error "record not found for user: SYSDBA", make sure you are really connected as SYSDBA, otherwise retry the original step 3. Not having admin access will behave as if the user doesn't exist, so the error is the same if the user really doesn't exist, or if you are connected with an unprivileged user.
CONNECT 'employee' user 'SYSDBA' password 'masterkey';
You need make sure that your alias.conf have something like this: employee=C:/examplepath/employee.fdb
make sure that the services of firebird is on
I created an admin user with password in pgadmin4:
CREATE USER admin WITH
LOGIN
SUPERUSER
CREATEDB
CREATEROLE
INHERIT
REPLICATION
CONNECTION LIMIT -1
PASSWORD 'xxxxxx';
But I can login to the respective server with the admin user and any wrong password.
I used psql command line to check if the user has been created, and it is.
# SELECT usename FROM pg_user;
usename
------------
postgres
xxxxxxxxxxx
admin
(3 rows)
I checked if I can login with the admin user and a wrong password through psql command line, and it worked...
Am I doing something wrong?
Pgadmin4 v1.1
Postgresql v9.6
Same problem on Centos 6.8 and macOSX 19.12.1
This is speculation, but it's educated speculation, as I encountered a similar issue.
If your pg_hba.conf file, I am pretty confident you have the admin user set up as "trust." This pretty much means it can log in from anywhere you specified, without a password.
If you change this to "md5," it should resolve the issue.
# TYPE DATABASE USER ADDRESS METHOD
host all admin <whatever> trust
change to
host all admin <whatever> md5
Of course some of these fields may be different, depending on how you have the server set up, but you get the idea.
I'm trying to set up Postgres for the first time, and I need to create a user with permissions to read and create databases. However, when I use:
createuser username
in my terminal I get the following message:
createuser: could not connect to database postgres: FATAL: role "tom" does not exist
Tom is my Ubuntu user account that I'm logged into right now. I'm trying to create a username of "postgres" then do a psql -U psql template1 so I can create a database and assign an owner to it for my Rails app.
You mentioned Ubuntu so I'm going to guess you installed the PostgreSQL packages from Ubuntu through apt.
If so, the postgres PostgreSQL user account already exists and is configured to be accessible via peer authentication for unix sockets in pg_hba.conf. You get to it by running commands as the postgres unix user, eg:
sudo -u postgres createuser owning_user
sudo -u postgres createdb -O owning_user dbname
This is all in the Ubuntu PostgreSQL documentation that's the first Google hit for "Ubuntu PostgreSQL" and is covered in numerous Stack Overflow questions.
(You've made this question a lot harder to answer by omitting details like the OS and version you're on, how you installed PostgreSQL, etc.)
See git gist with instructions here
Run this:
sudo -u postgres psql
OR
psql -U postgres
in your terminal to get into postgres
NB: If you're on a Mac and both of the commands above failed jump to the section about Mac below
postgres=#
Run
CREATE USER new_username;
Note: Replace new_username with the user you want to create, in your case that will be tom.
postgres=# CREATE USER new_username;
CREATE ROLE
Since you want that user to be able to create a DB, you need to alter the role to superuser
postgres=# ALTER USER new_username SUPERUSER CREATEDB;
ALTER ROLE
To confirm, everything was successful,
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
new_username | Superuser, Create DB | {}
postgres | Superuser, Create role, Create DB, Replication | {}
root | Superuser, Create role, Create DB | {}
postgres=#
Update/Modification (For Mac):
I recently encountered a similar error on my Mac:
psql: FATAL: role "postgres" does not exist
This was because my installation was setup with a database superuser whose role name is the same as your login (short) name.
But some linux scripts assume the superuser has the traditional role name of postgres
How did I resolve this?
If you installed with homebrew run:
/usr/local/opt/postgres/bin/createuser -s postgres
If you're using a specific version of postgres, say 10.5 then run:
/usr/local/Cellar/postgresql/10.5/bin/createuser -s postgres
OR:
/usr/local/Cellar/postgresql/10.5/bin/createuser -s new_username
OR:
/usr/local/opt/postgresql#11/bin/createuser -s postgres
If you installed with postgres.app for Mac run:
/Applications/Postgres.app/Contents/Versions/10.5/bin/createuser -s postgres
P.S: replace 10.5 with your PostgreSQL version
sudo -u postgres createuser -s tom
this should help you as this will happen if the administrator has not created a PostgreSQL user account for you. It could also be that you were assigned a PostgreSQL user name that is different from your operating system user name, in that case you need to use the -U switch.
Your error is posted in the official documentation. You can read this article.
I have copied the reason for you (and hyperlinked the URLs) from that article:
This will happen if the administrator has not created a PostgreSQL user account for you. (PostgreSQL user accounts are distinct from operating system user accounts.) If you are the administrator, see Chapter 20 for help creating accounts. You will need to become the operating system user under which PostgreSQL was installed (usually postgres) to create the first user account. It could also be that you were assigned a PostgreSQL user name that is different from your operating system user name; in that case you need to use the -U switch or set the PGUSER environment variable to specify your PostgreSQL user name
For your purposes, you can do:
1) Create a PostgreSQL user account:
sudo -u postgres createuser tom -d -P
(the -P option to set a password; the -d option for allowing the creation of database for your username 'tom'. Note that 'tom' is your operating system username. That way, you can execute PostgreSQL commands without sudoing.)
2) Now you should be able to execute createdb and other PostgreSQL commands.
1- Login as default PostgreSQL user (postgres)
sudo -u postgres -i
2- As postgres user. Add a new database user using the createuser command
[postgres]$ createuser --interactive
3-exit
[postgres]$ exit
If you don't want to change the authentication method (ident) and mess with pg_hba.conf use this:
First login as the default user
sudo su - postgres
then access psql and create a user with the same name as the one you are login in
postgres=# CREATE USER userOS WITH PASSWORD 'garbage' CREATEDB;
you can verify your user with the corresponding roles with
postgres=# \du
Afer this you can create your database and verify it with
psql -d dbName
\l
\q
I had the same issue, i just do this
sudo su - postgres
createuser odoo -U postgres -dRSP #P for password
(odoo or user name that you want o give the postgres access)
On Windows use:
C:\PostgreSQL\pg10\bin>createuser -U postgres --pwprompt <USER>
Add --superuser or --createdb as appropriate.
See https://www.postgresql.org/docs/current/static/app-createuser.html for further options.
For Linux, you can activate SUPERUSER to enable to create databases like this:
Go to terminal/shell
Enter inside postgres using
sudo -u postgres -i
Now your terminal will be like "postgres#anish-Latitude-E7450:~$"
Enter postgres terminal using
psql
Now your terminal will be like "postgres=#"
Enter alter user [postgres_user_name] createdb;
Now the user will be having access to create db.
Exit psql using '\q'
Logout postgres using exit
Hope this helps you.
You need to first run initdb. It will create the database cluster and the initial setup
See How to configure postgresql for the first time? and http://www.postgresql.org/docs/8.4/static/app-initdb.html
After I installed PostgreSQL 9.1 on Ubuntu 12.04 I set the password for the "postgres" superuser account. I want all users to have to enter their password when loging in. This is why I configured pg_hba.conf like so:
#Database administrative login by Unix domain socket
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
I restarted postgresql after making those changes. When I do this psql -U testuser I get asked for a password, but when I log in with the "postgres" account like so psql -U postgres I get no password prompt and am logged in.
If I force the password prompt with psql -U postgres -W I can log in by typing the correct password or by typing nothing at all. Typing a wrong password gets rejected.
Can anybody please explain to me why this is happening?
On a related note: I see a lot of example where people use ident as authentication method for the "postgres" user, arguing that to become the "postgres" user one needs the root password of the machine. I assume that the reasoning is that if an attacker gets root access, your done anyways. I would prefer to log in with a password though, one which is not the same as the root password. I prefere having different passwords for different things. Is this reasonable?
Output of grep '^[^#]' pg_hba.conf
local all postgres md5
local all all md5
host all all 127.0.0.1/32 md5
Your pg_hba.conf should indeed require a password for unix socket connections, but there are still ways around it that you should verify:
a .pgpass file in the postgres home directory containing the password (also check the PGPASSFILE environment variable for a non-standard path).
the PGPASSWORD environment variable could be set.
And there's also the possibility that you're editing the wrong pg_hba.conf file.
When connected as postgres, the correct path can be obtained for verification with the SHOW hba_file SQL command.
Also, you may want to check the log file, /var/log/postgresql/postgresql-9.1-main.log for confirmation that the configuration files are reloaded when you ask for it, and look for any suspect message during the authentication.
As for the reason why passwordless connections with the postgres user are common, the debian PG-9.1 pg_hba.conf has this comment about disallowing them:
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
Since Debian and Ubuntu use the same postgres packages, this applies to Ubuntu as well.
Re your odd behaviour, I think you've missed a line of pg_hba.conf that's specific to the postgres user. Please show the output of:
grep '^[^#]' pg_hba.conf
As for ident vs md5; personally I prefer ident for interactive use in development, and it's fine for normal users, but I don't think giving access to the postgres user via sudo is a great idea. Both sudo -u postgres psql and psql -U postgres -W grant access to the postgres superuser role and thus file system access as the database user. Neither require a root password, and sudo can easily be constrained via sudoers to limit the invoking user to just running psql. However, with sudo -u postgres psql the client code runs as postgres too, so it's a bigger attack surface, and there's always the chance of the user finding a way to bypass your sudoer limits.
I use ident in dev, md5 in production.