I accidentally removed the super user privilege from user: postgres. I don't know how to get another super user. I stopped the postgres service and tried logging in with single-user mode:
/usr/pgsql-10/bin/postgres --single -D /var/lib/pgsql/10/data
I get this error:
"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise. See the documentation for
more information on how to properly start the server.
In Linux, how can I start Postgres in single-user mode so I can fix the super user privilege?
Edit: I used this link for reference, but I'm getting the error mentioned above.
Accidently removed postgres default superuser privileges - can I get it back?
I combined solutions from these three links:
Accidently removed postgres default superuser privileges - can I get it back?
Restoring the superuser account on the postgres server
“root” execution of the PostgreSQL server is not permitted
After stopping the postgresql service, I ran this command:
sudo -u postgres /usr/pgsql-10/bin/postgres --single -D /var/lib/pgsql/10/data
/usr/pgsql-10/bin/postgres is the location of my postgres binary
/var/lib/pgsql/10/data is the location of my postgresql conf
This allowed me to access single user mode, where I just typed this command:
ALTER USER postgres SUPERUSER;
So if anyone is experiencing the same scenario as me, please give the posted command a try.
just adding this for postgresql 12 (Ubuntu) and possibly up
sudo -su postgres /usr/lib/postgresql/12/bin/postgres --single -D /etc/postgresql/12/main
I have a new google compute engine instance. I am SSH'ed into the instance using certs. Whenever I try to use sudo it asks for the primary user's password which I do not have. Just recently I setup an instance on centos 7 and did not have this issue.
The instance is running centos 8. Normally, I would ssh to the instance, then execute commands using Sudo. For example, I would like to set the root password.
if I run sudo passwd, sudo su - or even sudo cat /var/log/messages it asks me for the primary user's password. The problem is I do not have that password.
[primaryuser#server4 log]$ **sudo cat messages**
**[sudo] password for primaryuser:**
##########
[primaryuser#server4 log]$ **sudo passwd**
**[sudo] password for primaryuser:**
I expected to run the commands using sudo but do not have the password.
Does anyone have any ideas? I read other posts about similar problems but different from mine.
I had to give up and use ubuntu. Everything acted as expected on ubuntu and I was able to set the password. I believe the problem is limited to centos 8 but I am not certain.
I was following the tutorial linked below to install PostgreSQL with python3 on Ubuntu:
https://www.fullstackpython.com/blog/postgresql-python-3-psycopg2-ubuntu-1604.html
Right after this step:
$ createuser matt -P --interactive
Where we create a user account within the "postgres" base user provided by PostgreSQL.
I then close the terminal to come back to the tutorial afterward.
I couldn't find how to switch back to the user previously created and finally went around it with:
ALTER DATABASE name_db OWNER TO name_new_user.
But how am I supposed to switch from 'postgres' default user to another user created previously in PostgreSQL?
If you're already logged in to PostgreSQL, you can change users with the set role command, for example, to switch to "matt":
set role matt;
If you're not already logged in to PostgreSQL, and are using psql, there are a few ways:
$ psql -U matt
of if you want to usually log in as matt:
$ echo 'PGUSER=matt' >> ~/.profile
$ source ~/.profile
$ psql
where .profile is where you store OS environment variables
I am learning SQL, via postgres. I understand the basic concepts of databases, but I'm having some IT trouble. I am following this tutorial.
Go to my working directory:
myname#myname:~$ cd Dropbox/working_directory
make a new user:
myname#myname:~/Dropbox/working_directory$ sudo -u postgres createuser --interactive
[sudo] password for myname:
could not change directory to "/home/myname/Dropbox/working_directory": Permission denied
Enter name of role to add: sammy
Shall the new role be a superuser? (y/n) y
OK, it couldn't change the working directory, but it let me add "sammy", and set "sammy" to be a superuser. Is this what happened?
According to the tutorial, one should make a database with the same name as the user. This seems arbitrary. Is that so? Anyway, when I go and try to create a database named "sammy", I get an error that I can't change the working directory:
myname#myname:~/Dropbox/working_directory$ sudo -u postgres createdb sammy
could not change directory to "/home/myname/Dropbox/working_directory": Permission denied
Looking in the file browser, I don't see any sign of "sammy"
1. Why can't I change the working directory? How do I make an empty database? What is the logic behind this behavior?
2. Is naming it "sammy" as ridiculous as it seems? Do users need to be named the same as the databases? Why or why not?
It doesn't seem to help to log into the postgres identity that installs with postgres:
myname#myname:~/Dropbox/working_directory$ sudo -i -u postgres
[sudo] password for myname:
postgres#myname:~$ pwd
/var/lib/postgresql
postgres#myname:~$ cd /home
postgres#myname:/home$ cd /home/myname/
-bash: cd: /home/myname/: Permission denied
OK, that didn't work. Now, go back to myname#myname:
postgres#myname:/home$ sudo -i -u myname
[sudo] password for postgres:
Sorry, try again.
[sudo] password for postgres:
Sorry, try again.
[sudo] password for postgres:
sudo: 3 incorrect password attempts
postgres#myname:/home$
This is where I start swearing.
3. How does one get out of the postgres identity? Besides closing the terminal and opening another one?
You are confused on several levels.
The message
could not change directory to "...": Permission denied
is not from PostgreSQL or the createuser and createdb commands, but from sudo.
It tells you that after becoming operating system user postgres, it cannot run in your current directory, because user postgres doesn't have the required file system permissions.
Processing continues, however (in a different working directory), and the createuser and createdb commands succeed.
createuser and createdb do not create something in your current working directory, but in the database directory.
This directory belongs to postgres, and you probably can find it with
echo $PGDATA
when you are user postgres.
You exit an interactive sudo session by typing exit, and the name you give to a database is your choice. You would probably not call your production database “sammy”, but then, why not? Just make sure that you use only letters, numbers and underscores and no upper case characters.
I have just installed postgresql and I specified password x during installation.
When I try to do createdb and specify any password I get the message:
createdb: could not connect to database postgres: FATAL: password authentication failed for user
Same for createuser.
How should I start?
Can I add myself as a user to the database?
The other answers were not completely satisfying to me. Here's what worked for postgresql-9.1 on Xubuntu 12.04.1 LTS.
Connect to the default database with user postgres:
sudo -u postgres psql template1
Set the password for user postgres, then exit psql (Ctrl-D):
ALTER USER postgres with encrypted password 'xxxxxxx';
Edit the pg_hba.conf file:
sudo vim /etc/postgresql/9.1/main/pg_hba.conf
and change "peer" to "md5" on the line concerning postgres:
local all postgres peer md5
To know what version of postgresql you are running, look for the version folder under /etc/postgresql. Also, you can use Nano or other editor instead of VIM.
Restart the database :
sudo /etc/init.d/postgresql restart
(Here you can check if it worked with psql -U postgres).
Create a user having the same name as you (to find it, you can type whoami):
sudo createuser -U postgres -d -e -E -l -P -r -s <my_name>
The options tell postgresql to create a user that can login, create databases, create new roles, is a superuser, and will have an encrypted password. The really important ones are -P -E, so that you're asked to type the password that will be encrypted, and -d so that you can do a createdb.
Beware of passwords: it will first ask you twice the new password (for the new user), repeated, and then once the postgres password (the one specified on step 2).
Again, edit the pg_hba.conf file (see step 3 above), and change "peer" to "md5" on the line concerning "all" other users:
local all all peer md5
Restart (like in step 4), and check that you can login without -U postgres:
psql template1
Note that if you do a mere psql, it will fail since it will try to connect you to a default database having the same name as you (i.e. whoami). template1 is the admin database that is here from the start.
Now createdb <dbname> should work.
Under Linux PostgresQL is usually configured to allow the root user to login as the postgres superuser postgres from the shell (console or ssh).
$ psql -U postgres
Then you would just create a new database as usual:
CREATE ROLE myuser LOGIN password 'secret';
CREATE DATABASE mydatabase ENCODING 'UTF8' OWNER myuser;
This should work without touching pg_hba.conf. If you want to be able to do this using some GUI tool over the network - then you would need to mess with pg_hba.conf.
There are two methods you can use. Both require creating a user and a database.
Using createuser and createdb,
$ sudo -u postgres createuser --superuser $USER
$ createdb mydatabase
$ psql -d mydatabase
Using the SQL administration commands, and connecting with a password over TCP
$ sudo -u postgres psql postgres
And, then in the psql shell
CREATE ROLE myuser LOGIN PASSWORD 'mypass';
CREATE DATABASE mydatabase WITH OWNER = myuser;
Then you can login,
$ psql -h localhost -d mydatabase -U myuser -p <port>
If you don't know the port, you can always get it by running the following, as the postgres user,
SHOW port;
Or,
$ grep "port =" /etc/postgresql/*/main/postgresql.conf
Sidenote: the postgres user
I suggest NOT modifying the postgres user.
It's normally locked from the OS. No one is supposed to "log in" to the operating system as postgres. You're supposed to have root to get to authenticate as postgres.
It's normally not password protected and delegates to the host operating system. This is a good thing. This normally means in order to log in as postgres which is the PostgreSQL equivalent of SQL Server's SA, you have to have write-access to the underlying data files. And, that means that you could normally wreck havoc anyway.
By keeping this disabled, you remove the risk of a brute force attack through a named super-user. Concealing and obscuring the name of the superuser has advantages.
This is my solution:
su root
su postgres
psql
EDIT: Warning: Please, read the answer posted by Evan Carroll. It seems that this solution is not safe and not recommended.
This worked for me in the standard Ubuntu 14.04 64 bits installation.
I followed the instructions, with small modifications, that I found in http://suite.opengeo.org/4.1/dataadmin/pgGettingStarted/firstconnect.html
Install postgreSQL (if not already in your machine):
sudo apt-get install postgresql
Run psql using the postgres user
sudo –u postgres psql postgres
Set a new password for the postgres user:
\password postgres
Exit psql
\q
Edit /etc/postgresql/9.3/main/pg_hba.conf and change:
#Database administrative login by Unix domain socket
local all postgres peer
To:
#Database administrative login by Unix domain socket
local all postgres md5
Restart postgreSQL:
sudo service postgresql restart
Create a new database
sudo –u postgres createdb mytestdb
Run psql with the postgres user again:
psql –U postgres –W
List the existing databases (your new database should be there now):
\l
In MacOS, I followed the below steps to make it work.
For the first time, after installation, get the username of the system.
$ cd ~
$ pwd
/Users/someuser
$ psql -d postgres -U someuser
Now that you have logged into the system, and you can create the DB.
postgres=# create database mydb;
CREATE DATABASE
postgres=# create user myuser with encrypted password 'pass123';
CREATE ROLE
postgres=# grant all privileges on database mydb to myuser;
GRANT
If you're running macOS like I am, you may not have the postgres user.
When trying to run sudo -u postgres psql I was getting the error sudo: unknown user: postgres
Luckily there are executables that postgres provides.
createuser -D /var/postgres/var-10-local --superuser --username=nick
createdb --owner=nick
Then I was able to access psql without issues.
psql
psql (10.2)
Type "help" for help.
nick=#
If you're creating a new postgres instance from scratch, here are the steps I took. I used a non-default port so I could run two instances.
mkdir /var/postgres/var-10-local
pg_ctl init -D /var/postgres/var-10-local
Then I edited /var/postgres/var-10-local/postgresql.conf with my preferred port, 5433.
/Applications/Postgres.app/Contents/Versions/10/bin/postgres -D /Users/nick/Library/Application\ Support/Postgres/var-10-local -p 5433
createuser -D /var/postgres/var-10-local --superuser --username=nick --port=5433
createdb --owner=nick --port=5433
Done!
Note: textdb is the database which you are going to explore with 'alex' user
root#kalilinux:~# sudo su - postgres
postgres=# psql
postgres=# create database testdb;
postgres=# create user alex with password 'alex';
postgres=# GRANT ALL PRIVILEGES ON DATABASE testdb TO alex;`enter code here`
You probably need to update your pg_hba.conf file. This file controls what users can log in from what IP addresses. I think that the postgres user is pretty locked-down by default.
Just browse up to your installation's directory and execute this file "pg_env.bat", so after go at bin folder and execute pgAdmin.exe. This must work no doubt!