In postgres, how do I change an existing user to be a superuser? I don't want to delete the existing user, for various reasons.
# alter user myuser ...?
ALTER USER myuser WITH SUPERUSER;
You can read more at the Documentation for ALTER USER
To expand on the above and make a quick reference:
To make a user a SuperUser: ALTER USER username WITH SUPERUSER;
To make a user no longer a SuperUser: ALTER USER username WITH NOSUPERUSER;
To just allow the user to create a database: ALTER USER username CREATEDB;
You can also use CREATEROLE and CREATEUSER to allow a user privileges without making them a superuser.
Documentation
$ su - postgres
$ psql
$ \du; for see the user on db
select the user that do you want be superuser and:
$ ALTER USER "user" with superuser;
May be sometimes upgrading to a superuser might not be a good option.
So apart from super user there are lot of other options which you can use.
Open your terminal and type the following:
$ sudo su - postgres
[sudo] password for user: (type your password here)
$ psql
postgres#user:~$ psql
psql (10.5 (Ubuntu 10.5-1.pgdg18.04+1))
Type "help" for help.
postgres=# ALTER USER my_user WITH option
Also listing the list of options
SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB | CREATEROLE | NOCREATEROLE |
CREATEUSER | NOCREATEUSER | INHERIT | NOINHERIT | LOGIN | NOLOGIN | REPLICATION|
NOREPLICATION | BYPASSRLS | NOBYPASSRLS | CONNECTION LIMIT connlimit |
[ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password' | VALID UNTIL 'timestamp'
So in command line it will look like
postgres=# ALTER USER my_user WITH LOGIN
OR use an encrypted password.
postgres=# ALTER USER my_user WITH ENCRYPTED PASSWORD '5d41402abc4b2a76b9719d911017c592';
OR revoke permissions after a specific time.
postgres=# ALTER USER my_user WITH VALID UNTIL '2019-12-29 19:09:00';
Run this Command
alter user myuser with superuser;
If you want to see the permission to a user run following command
\du
You can create a SUPERUSER or promote USER, so for your case
$ sudo -u postgres psql -c "ALTER USER myuser WITH SUPERUSER;"
or rollback
$ sudo -u postgres psql -c "ALTER USER myuser WITH NOSUPERUSER;"
To prevent a command from logging when you set password, insert a whitespace in front of it, but check that your system supports this option.
$ sudo -u postgres psql -c "CREATE USER my_user WITH PASSWORD 'my_pass';"
$ sudo -u postgres psql -c "CREATE USER my_user WITH SUPERUSER PASSWORD 'my_pass';"
alter user username superuser;
If you reached this because you're using Amazon Redshift you CANNOT assign SUPERUSER
ALTER USER <username> SUPERUSER;
Instead assign CREATEUSER:
ALTER USER <username> CREATEUSER;
Apparently, SUPERUSER isn't an available user assignment in Amazon Redshift clusters. I am utterly confused by this.
https://docs.aws.amazon.com/redshift/latest/dg/r_superusers.html
Screenshots showing this:
https://i.stack.imgur.com/uyWXt.png
https://i.stack.imgur.com/ycbeL.png
Related
If I create a DB user with
"sudo -u postgres psql -c "CREATE USER guacamole PASSWORD 'PW'; GRANT ALL PRIVILEGES ON DATABASE guacamole TO guacamole"
this user disappears after reboot. How can I make this user/command persistent, so that I do not need to recreate after reboot
thanks
I am trying to learn SQL. I have picked up postresql . now I hae a query myself. How can specify login role(user) or switch the role ?
I had create new users like this:-
in zsh shell with postgres user
% createuser --interactive sqltest01
and
% psql
postgres=> create user sqltest02 with password '1';
CREATE ROLE
now I have 3 users or roles
postgres=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
sqltest01 | Create role, Create DB | {}
sqltest02 | | {}
How can I login with these users ?
I usely login like this :-
% sudo su postgres
% psql
which logs me in with user postgres
\conninfo
You are connected to database "postgres" as user "postgres" via socket in "/run/postgresql" at port "5432".
how can I login with sqltest01 or sqltest02 ?
If you are logged into the same computer that Postgres is running on you can use the following psql login command, specifying the database (mydb) and username (myuser):
psql -d mydb -U myuser
If for some reason you are not prompted for a password when issuing these commands, you can use the -W option:
psql -d mydb -U myuser -W
I have the following two functions:
drop_linked_resources() {
local readonly host="$1"
local readonly master_username="$2"
local readonly master_password="$3"
local readonly username="$4"
local readonly password="$5"
local readonly db="$6"
docker run --rm \
-e PGPASSWORD="$master_password" \
postgres:9.6.3-alpine psql -h "$host" -d postgres -U "$master_username" <<-EOSQL
DROP DATABASE IF EXISTS $db;
DROP USER IF EXISTS $username;
EOSQL
}
create_user() {
local readonly host="$1"
local readonly master_username="$2"
local readonly master_password="$3"
local readonly username="$4"
local readonly password="$5"
local readonly db="$6"
docker run --rm \
-e PGPASSWORD="$master_password" \
postgres:9.6.3-alpine psql -h "$host" -d postgres -U "$master_username" \
-c "CREATE USER $username WITH CREATEDB CREATEROLE ENCRYPTED PASSWORD '$password';"
}
very easy functions. drop_linked_resources run first to clean and after create_user runs. The problem is that I get the following error:
2018-03-20 16:21:56 [INFO] [create-database.sh] Drop linked existing resources
2018-03-20 16:21:57 [INFO] [create-database.sh] Create my_user user
role "my_user" already exists
I get this error because I run already the functions so in order to make it idempotent I must clean it and then create again.
Any idea what I'm doing wrong?
You probably missed the steps where all the objects the user/role owns must be dropped and any privileges must be revoked for any role has been granted.
From PostgreSQL manual (The DROP USER is an alias for DROP ROLE):
A role cannot be removed if it is still referenced in any database of the cluster; an error will be raised if so. Before dropping the role, you must drop all the objects it owns (or reassign their ownership) and revoke any privileges the role has been granted. The REASSIGN OWNED and DROP OWNED commands can be useful for this purpose.
However, it is not necessary to remove role memberships involving the role; DROP ROLE automatically revokes any memberships of the target role in other roles, and of other roles in the target role. The other roles are not dropped nor otherwise affected.
Use the REASSIGNED OWNED or DROP OWNED command.
Try adding below command somewhere before the DROP USER command:
DROP OWNED BY $username CASCADE;
Reference:
https://www.postgresql.org/docs/8.4/static/sql-droprole.html
https://www.postgresql.org/docs/8.4/static/sql-drop-owned.html
so a user enters data in a web form, data gets sent to main database table, and then a script runs periodically, like every day to then do a few tasks like adding a user to a linux system. I want to add a user with a password that was stored in the database. So far I only have this:
$MYSQL -e "select name from users registered" | sudo xargs -L 1 useradd
$MYSQL -e "select password users registered" | sudo xargs -L 1 passwd
but it seems to think the password field in the database is a username?
I have created a postgres database in postgres named "databaseName". Now I can access this data2database through
su - postgres
and then typing my password
Then I enter into the database through: psql databaseName
I have created users of this database through:
createuser -P userName1
Now I dont want the users of the database to access the database as root user. Now when the users try to login into postgres as
su - postgres -u userName1
or through
psql databaseName -u userName1
I get error...can someone guide me as to how the users can get access to postgres and database without being root user?
Configure pg_hba.conf to accept peer connections over unix sockets or ident connections over host (tcp) connections. If you prefer you can use md5 to use password authentication instead.
By default psql will connect with the same username as your local OS username; this can be overridden by the -U flag, eg:
psql -U myusername thedatabase
Note that it's -U not -u (it's upper case).
This is all covered in detail in the PostgreSQL documentation; see:
Client Authentication
pg_hba.conf
psql
BTW, if you want to run commands as the postgres user, rather than su'ing you can just write:
sudo -u postgres psql