Обсуждение: Postgres superuser & password on Red Hat; upgrade?
Hello all, I get the feeling that this is an EXTREMELY novice question. I am very new (within a few weeks) to both Linux and PostgreSQL. I did my best to RTFM, but I finally had to break down and mail the list. I apologize if this is a really obvious one. When we decided to use PostgreSQL, we got a completely new box. Red Hat 6.2 was installed. During the installation a GUI offers a checkbox for installation of PostgreSQL (via RPMs). This installs PostgreSQL 6.5.3. So far, most things seem okay. But I am unable to figure out what the deal is with the Postgres superuser, which is automatically installed by Red Hat. I have seen no mention of a default password, but Postgres does seem to have a password. I tried to use Linuxconf or Userconf as root to give Postgres a new password (as I have seen from looking through lists that others have done), but it freezes up after I type the new password for the second time and hit enter. This crash happens consistently at the same point. The only way I can become Postgres is to log in as myself (Laurel), become substitute user--root by typing "su" and entering the root password, then typing su - postgres--thus bypassing the postgres password. But that makes Postgres also root, which I understand to be very bad thing. I have used this technique to make Laurel a database user, but how can I make Postgres a DBA login with full privileges who is NOT root? What is the method to give Postgres a new password and/or discover the old one? Or should I just use Postgres-as-root to give a different Linux user PostgreSQL superuser privs and forget about Postgres after that?! It may be that an inadequate understanding of Linux is contributing a lot to my problems! I have a second question as well. I see most of you are running 7.0.3. Should I upgrade at once, and if so, are there any quirks deriving from this Red Hat installation process that I should know about? Many thanks in advance for your help. Laurel Williams
Laurel Williams wrote: >The only way I can become Postgres is to log in as myself (Laurel), >become substitute user--root by typing "su" and entering the root >password, then typing su - postgres--thus bypassing the postgres >password. But that makes Postgres also root, which I understand to be >very bad thing. I have used this technique to make Laurel a database No, this is not the case. su makes you become the user named, root by default. Your first su makes you root; the second one makes you postgres. This is perfectly OK and the right way to do it. >user, but how can I make Postgres a DBA login with full privileges who >is NOT root? What is the method to give Postgres a new password and/or >discover the old one? ALTER USER postgres WITH PASSWORD newpassword; You need createuser privileges to use CREATE USER or ALTER USER. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "And, behold, I come quickly; and my reward is with me, to give every man according as his work shall be." Revelation 22:12
Oops--I thought I was sending clarifying posts to the list, but actually they were going to individuals. So I assumed some people had information that they didn't. I completely forgot to say that I'd tried passwd, too. But I can't do it as Postgres, because I don't know the original password. And if I log in as root and say "passwd postgres", it has the exact same bug as with Linuxconf/Userconf. I enter the new password once, then the second time, hit enter, and it just hangs. After a few moments it says "Passwd: Critical error - immediate abort" and goes back to the root prompt. And, when I look in shadow.... unlike 'nobody' et al., Postgres doesn't have the * --it has a long string of gibberish, indicating that it *does* have a password. And my brother, who installed Red Hat with the Postgres RPM in the first place and is very familiar with Linux (this is a very small business, a family thing) insists that at no time did he get prompted to enter a password for it. So, here is postgres, having some (it appears) random? password, but I can't change the password, because it hangs/crashes every time, no matter the method. But it sounds like people are saying that that's not a problem, really, because it's all right to log into Postgres from root and that does not (contrary to my random newbie ideas) make me root.. And anyway, if it really concerned me, I could just log in to PostgreSQL as Postgres and create a new superuser (one with createuser privs), and use the new superuser in place of Postgres, if I wished. Also, one person has suggested I delete and re-create Postgres, which I will be trying in a little bit. Cheers, Laurel Williams
Laurel Williams wrote: >I completely forgot to say that I'd tried passwd, too. But I can't do it >as Postgres, because I don't know the original password. And if I log in There probably isn't an original password. Typically, the user will be created with a * in the password field (in /etc/shadow). This means it is impossible to log in directly as that user; you have to go through su. >as root and say "passwd postgres", it has the exact same bug as with >Linuxconf/Userconf. I enter the new password once, then the second time, >hit enter, and it just hangs. After a few moments it says >"Passwd: Critical error - immediate abort" and goes back to the root >prompt. That seems to indicate a very horrid bug in your operating system. Check the contents of /etc/passwd and /etc/shadow, to see that no-one has corrupted them by trying hand-editing - every line should have the same structure (see `man 5 passwd'). If you're using traditional crypt passwords, the password field should be 13 characters long. If there's no apparent problem there, ask for help on your distribution mailing lists. Another thing: does this happen for any other user? >And, when I look in shadow.... unlike 'nobody' et al., Postgres doesn't >have the * --it has a long string of gibberish, indicating that it >*does* have a password. And my brother, who installed Red Hat with the >Postgres RPM in the first place and is very familiar with Linux (this is >a very small business, a family thing) insists that at no time did he >get prompted to enter a password for it. If it's distributed with a password set, it sounds like poor practice to me. Perhaps passwd has got as far as altering /etc/shadow? Check there is an x in the password field of /etc/passwd. Then try editing the password string back to a * and try passwd again to set a password. >So, here is postgres, having some (it appears) random? password, but I >can't change the password, because it hangs/crashes every time, no >matter the method. > >But it sounds like people are saying that that's not a problem, really, >because it's all right to log into Postgres from root and that does not >(contrary to my random newbie ideas) make me root.. And anyway, if it >really concerned me, I could just log in to PostgreSQL as Postgres and >create a new superuser (one with createuser privs), and use the new >superuser in place of Postgres, if I wished. > >Also, one person has suggested I delete and re-create Postgres, which I >will be trying in a little bit. That probably would not remove the postgres user from Linux (I would be very unhappy if distribution scripts messed with /etc/passwd!) -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "For the eyes of the LORD run to and fro throughout the whole earth, to show himself strong in the behalf of them whose heart is perfect toward him..." II Chronicles 16:9