Postgresql cannot change to root with -u shortcut - linux

Recently updated from Postgresql 9.1 to 9.3.
Everything works fine, but I noticed now when I type in:
sudo -u postgres psql
I am getting hit with a permission denied error for changing dir to root.
"Could not change directory to /home/root.
However, when I use:
sudo su - postgres
psql
It accesses it fine. How can I fix this?

change directory to someplace that postgres has access to:
cd /tmp
sudo -u postgres psql

Try this:
sudo -i -u postgres psql
This accomplishes (almost) the same thing as your
sudo su - postgres
The - in the above indicates that you want to use the postgres account's environment. If you remove the -, it will fail similarly to sudo -u
The -i indicates that you want to run the postgres account's login shell (hence cding to their home directory).

For me this did the trick (or you'll get a could not change directory to "/root": Permission denied), pay attention to quotes (')
sudo -Hiu postgres 'pg_dump --column-inserts --data-only --table=someTable entities_db > /var/backups/anywhere/$(date +%Y%m%d_%H%M%S)_someTable.sql'
Note the -Hiufor sudo, or use su - postgres
you can also put that in a cronjob for root with crontab -e

Related

Unable to start postgres after changing to nologin

Due to security recommendations i have changed in /etc/passwd
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
to
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/sbin/nologin
after that i am unable to restart my postgres server
i am getting error:
This account is currently not available
The chsh command changes your shell (or by using sudo the shell for another user. And, since you are not able to login, you must execute this command as another user)
sudo chsh postgres -s /bin/bash

change user and run ssh instruction in 1 line

I'm trying to change my user to one that doesn't need password to run ssh instructions and then do exactly that, run an ssh instruction. What I have now is:
sudo su - testUser ssh testUser#server2 'cat /home/randomUser/hola.txt'
But I'm getting the answer:
/usr/bin/ssh: /usr/bin/ssh: cannot execute binary file
if I put the instructions in a different file called testit like this:
ssh testUser#server2
cat /home/randomUser/hola.txt
and I run:
sudo su - testUser < testit
it works!, but I need to use the one line instruction, someone know what should I change to make it work?
sudo su - testUser
why don't you use just sudo -u testUser as it is supposed to be used?
But anyway, manual pages for the tools you are using is a good start. For sudo:
sudo [...] [command]
This looks good and fits into your example.
For su:
su [options] [username]
Ola ... su does not have any argument command, unless you provide also -c switch, which is written also in the manual page. And it is [option], so it should come in front of [username]! Something like this should do the job:
sudo su -l -c "ssh testUser#server2 'cat /home/randomUser/hola.txt'" testUser
but as I already mentioned, it can be significantly simplified by using sudo only:
sudo -i -u testUser "ssh testUser#server2 'cat /home/randomUser/hola.txt'"

What is the difference between sudo -u postgres psql and sudo psql -U postgres?

I'm new to Postgres and Bash so I'm not sure what the difference is.
I'm trying to automate in a bash script updating a table in Postgres. I have the .sql file and I've created .pgpass file with 600.
The a script that is provided to me uses sudo -u postgres psql db -w < .sql and it fails because it can't find the pass.
Whereas, sudo psql -U postgres db -w < .sql doesn't prompt for a pass and is able to update.
So what's the difference? Why can't the first command get the pass from the .pgpass?
sudo -u postgres is running the rest of the command string as the UNIX user postgres
sudo psql -U postgres db -w is running the command as the UNIX user root and (presumeably) connecting to postgres as the user "postgres"
Probably the .pgpass file doesn't exist for the unix user postgres.
It is a case of peer autentication. If you're running user x and you have user x on your database you're trusted by postgres so you don't have to use password (default settings of instalation). Running sudo psql -u x you're trying to connect from user root to database as user x... root!=x so you need password. Client authentication is controlled by a configuration file pg_hba.conf You can also provide password via .pgpass file. You'll find all needed informations in PostgreSQL documentation.

How i can remove -u in sudo option string by ansible config

I try configure ansible for become other user:
My ansible.cfg entries
sudo_flags=
ssh_args = -t -t
sudo_exe = sudo /bin/su
I can escalate privilege on remote host only one way (and this works in ssh session):
sudo /bin/su anyuser -
Example playbook:
---
- hosts: anyhosts
become: true
become_user: anyuser
tasks:
- name: check becoming anyuser
command: "ls -ltha"
When i run my simple playbook, in verbose log output i see -u option:
'"'"'sudo /bin/su -u anyuser -
How i can disable/remove this -u option in playbook or ansible.cfg?
You have told Ansible that sudo is sudo /bin/su, but as far as Ansible knows it's still using sudo, which supports -u argument. If you want to use some other command for privilege escalation, consider setting become_method.
However, it's not clear why you're not just using sudo, since you appear to have sudo privileges. Possibly setting sudo_exe = sudo sudo would actually solve the problem, since the first sudo would get you root access (which appears to work just fine, based on your question), and then root would be able to run sudo -u ..., which should work just fine.

Scripting automated postgres setup

I'm scripting a system setup and already have postgres installed. Here is a test script (run as root) to try and report the working directory in postgres. Calling pwd as postgres gives /var/lib/postgresql. But the test..
#!/bin/bash
su - postgres
pwd > /home/me/postgres_report
exit
.. fails (obviously) and reports the original working directory. And afterwards the bash shell is stuck in postgres, suggesting the commands are not being called in right order. I understand the bash environmental issues here. I don't have a clue how to do what I need to do, which is automate a postgres process that I can easily do interactively (i.e. step into postgres, execute a command, and exit). Any pointers?
Use sudo.
Use one of:
Passing a one line command to psql
sudo -u postgres psql -c "SELECT ..."`
A here document:
sudo -u postgres psql <<"__END__"
SELECT ...;
SELECT ...;
__END__
(If you want to be able to substitute in shell variables leave out the ", e.g. <<__END__, and backslash escape $ signs you don't want to be variables)
Pass a file to psql
sudo -u postgres psql -f /path/to/file
The sudo -u postgres is of course only required if you need to become the postgres system user to run tasks as the postgres database user via peer authentication. Otherwise you can use psql -U username, a .pgpass file, etc.
#!/bin/bash
# run as root
[ "$USER" = "root" ] || exec sudo "$0" "$#"
echo "=== $BASH_SOURCE on $(hostname -f) at $(date)" >&2
sudo passwd postgres
echo start the postgres
sudo /etc/init.d/postgresql start
sudo su - postgres -c \
"psql <<__END__
SELECT 'crate the same user' ;
CREATE USER $USER ;
ALTER USER $USER CREATEDB;
SELECT 'grant him the priviledges' ;
grant all privileges on database postgres to $USER ;
alter user postgres password 'secret';
SELECT 'AND VERIFY' ;
select * from information_schema.role_table_grants
where grantee='""$USER""' ;
SELECT 'INSTALL EXTENSIONS' ;
CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";
CREATE EXTENSION IF NOT EXISTS \"pgcrypto\";
CREATE EXTENSION IF NOT EXISTS \"dblink\";
__END__
"
sudo /etc/init.d/postgresql status
sudo netstat -tulntp | grep -i postgres

Resources