I have installed my Postgresql database on a Windows server environment. I'd like to schedule a job using Windows Task scheduler to run every night so I need to run the following command without asking for password:
psql -U myUserName-d myDBName -c "select MyFunctionName()"
When I run the above query in my cmd shell, it asks me for password. When I enter the password manually, the function is correctly run.
So my solution is to read from the pgpass.conf file so no password is required.
Here are the things I have done to achieve this:
I created the pgpass.conf file in a directory I created in the %appdata% (AppData\Roaming\postgresql to be precise).
Here are the contents of this file:
localhost:5432:myDBName:myUserName:myPassword
I have also tried with the value 127.0.0.1 instead of localhost above.
I, then, added the an environment variable (in the user variables for administrator list) called PGPASSFILE and gave it the pgpass.conf location.
;C:\Users\administrator\AppData\Roaming\postgresql\pgpass.conf
Finally I stopped and restarted my Postgres service on Windows services and re-ran the command. But it is still asking for password.
How can I let my command know from where to read the password?
If you don't want to set the PGPASSFILE environment variable, put the password file in the standard location %APPDATA%\postgresql\pgpass.conf as described by the documentation.
Related
I am new to ansible and having spent a long time searching I feel as though I am missing something which should be obvious.
Problem
After installing MySql8 using ansible on a Ubuntu 20.04 server I can't do anything else MySql related because the password for the MySql "root" user is set to something random and saved into the error logs. The only solution I have found to this is to retrieve the password and change it. However, this would only work once. Running the same playbook again later will cause an error since the password will already have been changed.
I have a similar issue when it comes to creating a user identified by a MySQL native password. I have found solutions which do this by first creating a user, then using a shell command to convert the user to be identified by a native password. But I don't really want that to happen every time the playbook is run. What I want is the user to be created only if it doesn't exist already.
If I were doing this manually, I would either log into MySql using
sudo mysql
or else set the root password using the mysql_secure_installation script.
Questions
Is there a way to set the root MySQL account password from ansible
without knowing the current password by using the sudo password like
above?
Is it possible to create a user identified by a native password
without using shell commands so that the user only gets created if
it doesn't already exist?
This seems to be an issue with mysql8.0
My solution at the time was below steps
Get temp password for root from
sudo grep "temporary password" /var/log/mysqld.log|cut -d ' ' -f 11
Update root password (Possibly use mysql_user module)
"sudo mysqladmin -u root password '{{ new_mysql_root_password }}' -p'{{ password_from_1 }}'"
I did this with 2 sudo commands using shell module but the ideal way would be i think \
do 1 using shell module
do a connection check on mysql using 1 and register it in a variable root_check
do 2 only when root_check does not throw error.
In my case, I ignored the error if it occurs at 2 if the password is changed the first time.
I am sure there is a better solution.
I'm trying to execute several different PostgreSQL commands inside of different bash scripts. I thought I had the .pgpass file properly configured, but when I try to run pg_dump, vacuumdb, or reindexdb, I get errors about how a password isn't being supplied. For my bash script to execute properly, I need these commands to return an exit code of 0.
I'm running PostgreSQL 9.5.4 on macOS 10.12.6 (16G1408).
In an admin user account [neither root nor postgres], I have a .pgpass file in ~. The .pgpass file contains:
localhost:5432:*:postgres:DaVinci
The user is indeed postgres and the password is indeed DaVinci.
Permissions on the .pgpass file are 600.
In the pg_hba.conf file, I have:
# pg_hba.conf file has been edited by DaVinci Project Server. Hence, it is recommended to not edit this file manually.
# TYPE DATABASE USER ADDRESS METHOD
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
So, for example, from a user account [neither root nor postgres], I run:
/Library/PostgreSQL/9.5/pgAdmin3.app/Contents/SharedSupport/pg_dump --host localhost --username postgres testworkflow13 --blobs --file /Users/username/Desktop/testdestination1/testworkflow13_$(date "+%Y_%m_%d_%H_%M").backup --format=custom --verbose --no-password
And I get the following error:
pg_dump: [archiver (db)] connection to database "testworkflow13" failed: fe_sendauth: no password supplied
I get the same result if I run this with sudo as well.
Curiously, pg_dump does execute, and does export out a .backup file to the testdestination1 directory, but since it throws an error, if it's in a bash script, the script is halted.
Where am I going wrong? How can I make sure that the .pgpass file is being properly read so that the --no-password flag in the command works?
Please start with a read to official docs.
Also, even this topic is more than 2 years also, i strongly suggest to update to at least to version 10, anyhow nothing relevant has been changed around .pgpass
.pgpass need to be chmod 600, fine, the user that uses that must can read, so that must be the owner of that file.
Please remove the --no-password that just confuse and is not needed.
Using 127.0.0.1 instead of localhost clarify where you are going, "usually" are the same.
... from a user account [neither root nor postgres] ...
The user you are using for must have read access to .pgpass, as said, so you have to clarify that and provide that file to that user, maybe using the PGPASSFILE env variable could be useful for you.
Another way is the use of .pg_service.conf file with or without the .pgpass, for what you have written it looks like that may be more appropriate
Also you could set the PGPASSWORD in the env of the user.
Think about security, some choices look the simpliest but can expose accesses .. and as DBA I'm frankly tired about peoples that store password in visible places, printed in logs or on github or set "trust" in pg_hba and finally comes to me to say "postgreSQL is insecure".. hahaha!
Final note, you do not have a pg_hba error, in case you will have a "pg_hba" error message.
Turns out that changing all three lines in the pg_hba.conf file to the trust method of authentication solved this.
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
Since the method is trust, the .pgpass file may be entirely irrelevant--I'm not sure, but at least I got it working.
i try to get an auto backup script running.
The script works perfectly, if i run it by typing "bash backup.su" into the terminal.
For every query and operation I have to input the password (database user), but it works fine.
But as soon as I don't use the terminal (eg via cron), it doesn't. It just prints out my logfile without any information.
I think it has something to do with user rights
Terminal output:
Making backup directory in /scripts/2013-09-26-daily
Performing schema-only backups
------------------------------------------
Password for user backupuser: <- Query getting all databases with certain string in name
The following databases were matched for schema-only backup:
Performing full backups
------------------------------------------
Password for user backupuser: <- Query getting all databases
Plain backup of DB1
Password:
Plain backup of DB2
Password:
Plain backup of AndSoOn
Password:
All database backups complete!
Cron Log:
Making backup directory in /scripts/2013-09-26-daily/
Performing schema-only backups
------------------------------------------
The following databases were matched for schema-only backup:
Performing full backups
------------------------------------------
All database backups complete!
As you can see there seems to be no query executed. Right now i'm using a special backup user, but it also doesn't work with postgres. (With the postgres user he also ask for a password... but an empty one stops the script)
Does anybody have a clue for me? As i said it works perfectly manually, bot doesn't with cron.
Greetings
Martin
You can create a .pgpass in the user's home directory that you want to use for the cron job. The .pgpass format should be:
hostname:port:database:username:password
In practice, I found that you need to use a wildcard ("*") for the hostname, port, and database for cron jobs to work. For example, if you are running the cron job as the postgres user and the user home directory is /home/postgres, then create a file called ".pgpass" in /home/postgres with the following content:
*:*:*:postgres:password
Your cron jobs running under the postgres user should then work without needing a password.
Official documentation for this password file is here:
http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html
When running interactively you have a tty, but when running from cron there is no tty attached, i.e. your script has no stdin to read from (that would block the script while waiting for input that can never be entered from anywhere).
You should make your script runnable without a password, e.g. run it under a specific user account and configure postgres to allow that user to connect without a password (i.e. edit pg_hba.conf).
My goal is to be able to fire off a command without having to be prompted for my password. Is there any way to achieve this from the windows command line? In Linux I feel I could send the password to standard in or something, but I am not sure if I could do this for windows.
Thanks!
There are two ways:
Set environment variable PGPASSWORD e.g. set PGPASSWORD=yoursecretpassword
Use password file %APPDATA%\postgresql\pgpass.conf as described in documentation
Within password file (my location is C:\Users\Grzesiek\AppData\Roaming\postgresql\pgpass.conf) use specified in doc format. For example to connect database postgres as role postgres on local 5432 server add:
localhost:5432:postgres:postgres:12345
I checked this and it works well (for me), but don't use 127.0.0.1).
Another handy option (specially if your PG server runs in your own client machine, and if this does not poses any security problem for you) is to allow login without password in the server ("trust" authentication mode).
For example, this line in pg_hba.conf (in your DATA dir, a typical location: C:\Program Files\PostgreSQL\9.0\data\ ) grants access without password from your local machine.
host all all 127.0.0.1/32 trust
Then, connect with
psql.exe -h 127.0.0.1 -U postgres -w [YOUR_DB_NAME]
I know it is an old question but for anyone looking like I was, it is hard to find a solution for windows. stick this in a .bat file and it will work (at least for me it did). change director to postres directory, set environment variable PGPASSWORD execute copy command to a csv file and then clear environment variable, then go back to root directory.
cd C:\Program Files\PostgreSQL\9.5\bin\
set PGPASSWORD=yourpassword
psql -d databasename -U yourusername -w -c "\COPY (select * from yourtable) TO 'c:/Users/yourdirectory/yourcsvfilename.csv' DELIMITER '|' CSV HEADER;"
set PGPASSWORD=
cd c:\
I realize this question is a bit old now, but I believe there is a better means for secure, password-free PostgreSQL logon on Windows - SSPI.
Create a local or domain user account and PostgreSQL login with the same name.
In pg_ident.conf, create a mapping:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
SSPI username#AUTHORITY loginname
Replace username with the Windows user name (this is the sAMAccountName attribute for domain accounts), and replace AUTHORITY with the computer name or short domain name. If you're not sure what to use for AUTHORITY, check the PostgreSQL log file. For a local account, this will be the computer name; for a domain account, it's probably the short domain name. Lastly, replace loginname with the PostgreSQL login name (to reduce confusion, I would recommend using the same name for both username and loginname).
In pg_hba.conf, allow the logon; e.g.:
# TYPE DATABASE USER ADDRESS METHOD
host all loginname 127.0.0.1/32 sspi map=SSPI
host all loginname ::1/128 sspi map=SSPI
If a domain account, set a SPN for it; e.g.:
setspn -S POSTGRES/serverfqdn username
Now you can log onto Windows using the specified username and run psql.exe, etc. without needing a password.
Steps:
First ENviroment Var PGPASSWORD
C:\Windows\system32>set PGPASSWORD=clave
before
psql -d basededatos -U usuario
Ready,
I got it working in Postgres 15 with:
psql -U postgres -h 127.0.0.1 -p 54322 -f some_file password=postgres
J
If you're able to use Powershell, you can set environment variables inline, similar to bash.
This should work:
$Env:PGPASSWORD='your-pass'; psql -U postgres
Note the semicolon between setting the variable and actual command, this is important since those are inline but two separate commands.
I found another useful solution that worked for me on this link. It basically sets the PGPASSWORD at the beginning of your command like this:
PGPASSWORD=PASSWORD psql YOUR_CODE
I'm trying to write a simple script to mysqldump some dbs. I'm getting stuck on the password prompt though.
I'd like to just have a config file that contains all the db creds, then the script can use those to connect to the db.
Problem is a command such as:
system('mysqldump -u username -p')
then prompts for
Enter password:
even when I do something like:
system('mysqldump -u username -p some_password')
I still get prompted for the password...
I don't do a whole lot of scripting in Ruby so I'm at a loss as to how my script can automatically enter this info so the user running the script doesn't have to.
If you already know the password why aren't you passing it to the command?
system('mysqldump -u username --password=mypassword')
you need to delete space after -p
system('mysqldump -uusername -psome_password')
or without password just
system('mysqldump -uusername')
or
system('mysqldump -uusername --password=')
you could always check the application that uses the database for the password, check the config file file for the connection string. Failing that change the password in the database.