红帽全球峰会3.3. Creating PostgreSQL users
You can create PostgreSQL users with specific permissions to manage database access and control user privileges for secure database administration.
PostgreSQL users are of the following types:
-
The
postgresLinux system user: Use it only to run the PostgreSQL server and client applications, such aspg_dump. Do not use thepostgressystem user for any interactive work on PostgreSQL administration, such as database creation and user management. -
A database superuser: The default
postgresPostgreSQL superuser is not related to thepostgressystem user. You can limit access of thepostgressuperuser in the/var/lib/pgsql/data/pg_hba.conffile, otherwise no other permission limitations exist. You can also create other database superusers. A role with specific database access permissions:
- A database user: Has a permission to log in by default.
- A group of users: Enables managing permissions for the group as a whole.
Roles can own database objects (for example, tables and functions) and can assign object privileges to other roles by using SQL commands.
Standard database management privileges include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.
Role attributes are special privileges, such as LOGIN, SUPERUSER, CREATEDB, and CREATEROLE.
Perform most tasks as a role that is not a superuser. A common practice is to create a role that has the CREATEDB and CREATEROLE privileges and use this role for all routine management of databases and roles.
Prerequisites
- The PostgreSQL server is installed.
- The database cluster is initialized.
-
The
password_encryptionparameter in the/var/lib/pgsql/data/postgresql.conffile is set toscram-sha-256. -
Entries in the
/var/lib/pgsql/data/pg_hba.conffile use thescram-sha-256hashing algorithm as authentication method.
Procedure
Log in as the
postgressystem user, or switch to this user:# su - postgresStart the PostgreSQL interactive terminal:
$ psql psql (16.4) Type "help" for help. postgres=#Optional: Obtain information about the current database connection:
postgres=# \conninfo You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".Create a user named
mydbuser, set a password for it, and assign theCREATEROLEandCREATEDBpermissions to the user:postgres=# CREATE USER mydbuser WITH PASSWORD '<password>' CREATEROLE CREATEDB; CREATE ROLEThe
mydbuseruser now can perform routine database management operations: create databases and manage user indexes.Log out of the interactive terminal by using the
\qmeta command:postgres=# \q
Verification
Log in to the PostgreSQL terminal as
mydbuser, specify the hostname, and connect to the defaultpostgresdatabase, which was created during initialization:# psql -U mydbuser -h 127.0.0.1 -d postgres Password for user mydbuser: Type the password. psql (16.4) Type "help" for help. postgres=>Create a database:
postgres=> CREATE DATABASE <db_name>;Log out of the session:
postgres=# \qConnect to new database as
mydbuser:# psql -U mydbuser -h 127.0.0.1 -d <db_name> Password for user mydbuser: psql (16.4) Type "help" for help. mydatabase=>
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}