Thread: Changing postgres User
Hi,
We are trying to setup a postgresql Docker container alongside pgadmin and caddy for use in the PrairieLearn student testing software. Our main set back is that the PrairieLearn production environment user runs as user 1001:1001 and as such we have had to rename the postgres user within Linux to 1001 and alter the credentials management significantly.
We are currently brainstorming some better ways but if anyone has any suggestions on easier ways to make these changes then we would appreciate them. The code is open source and can be viewed here - https://github.com/PrairieLearn/PrairieLearn/pull/10713
Thanks,
Zac
On 10/14/24 13:11, Zac Warham wrote: > Hi, > > We are trying to setup a postgresql Docker container alongside pgadmin > and caddy for use in the PrairieLearn student testing software. Our main > set back is that the PrairieLearn production environment user runs as > user 1001:1001 and as such we have had to rename the postgres user > within Linux to 1001 and alter the credentials management significantly. Why? Per: https://www.postgresql.org/docs/current/app-initdb.html You can have the initdb create the cluster as any user: "-U username --username=username Sets the user name of the bootstrap superuser. This defaults to the name of the operating-system user running initdb. " > > We are currently brainstorming some better ways but if anyone has any > suggestions on easier ways to make these changes then we would > appreciate them. The code is open source and can be viewed here - > https://github.com/PrairieLearn/PrairieLearn/pull/10713 > <https://github.com/PrairieLearn/PrairieLearn/pull/10713> > > Thanks, > Zac -- Adrian Klaver adrian.klaver@aklaver.com
Hi Adrian,
Thank you for the link to the documentation however it is the UID and GID of 1001:1001 that is required, not the username which I believe this is intended for? Is there a similar option for UID and GID? Apologies if my original question was not clear in this manner.
Zac
From: Adrian Klaver <adrian.klaver@aklaver.com>
Sent: Monday, 14 October 2024 2:46 PM
To: Zac Warham <cazwarham@hotmail.com>; pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Subject: Re: Changing postgres User
Sent: Monday, 14 October 2024 2:46 PM
To: Zac Warham <cazwarham@hotmail.com>; pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Subject: Re: Changing postgres User
On 10/14/24 13:11, Zac Warham wrote:
> Hi,
>
> We are trying to setup a postgresql Docker container alongside pgadmin
> and caddy for use in the PrairieLearn student testing software. Our main
> set back is that the PrairieLearn production environment user runs as
> user 1001:1001 and as such we have had to rename the postgres user
> within Linux to 1001 and alter the credentials management significantly.
Why?
Per:
https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fapp-initdb.html&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223140652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=LNVisA1Cm%2BK8twl9PxP18kl8zcDsgo77ySEvtIuXfZI%3D&reserved=0
You can have the initdb create the cluster as any user:
"-U username
--username=username
Sets the user name of the bootstrap superuser. This defaults to the
name of the operating-system user running initdb.
"
>
> We are currently brainstorming some better ways but if anyone has any
> suggestions on easier ways to make these changes then we would
> appreciate them. The code is open source and can be viewed here -
> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223163417%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3Rj3%2BG4PYJIEzymBaKdl%2BbkooYroK7HzH3M2eHM2f8Y%3D&reserved=0
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223177366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gy3LgO2pe7FhiL28lfLfNBO8Y1%2B2BDunSR%2FDsFE8wyU%3D&reserved=0>
>
> Thanks,
> Zac
--
Adrian Klaver
adrian.klaver@aklaver.com
> Hi,
>
> We are trying to setup a postgresql Docker container alongside pgadmin
> and caddy for use in the PrairieLearn student testing software. Our main
> set back is that the PrairieLearn production environment user runs as
> user 1001:1001 and as such we have had to rename the postgres user
> within Linux to 1001 and alter the credentials management significantly.
Why?
Per:
https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fapp-initdb.html&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223140652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=LNVisA1Cm%2BK8twl9PxP18kl8zcDsgo77ySEvtIuXfZI%3D&reserved=0
You can have the initdb create the cluster as any user:
"-U username
--username=username
Sets the user name of the bootstrap superuser. This defaults to the
name of the operating-system user running initdb.
"
>
> We are currently brainstorming some better ways but if anyone has any
> suggestions on easier ways to make these changes then we would
> appreciate them. The code is open source and can be viewed here -
> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223163417%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3Rj3%2BG4PYJIEzymBaKdl%2BbkooYroK7HzH3M2eHM2f8Y%3D&reserved=0
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223177366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gy3LgO2pe7FhiL28lfLfNBO8Y1%2B2BDunSR%2FDsFE8wyU%3D&reserved=0>
>
> Thanks,
> Zac
--
Adrian Klaver
adrian.klaver@aklaver.com
Zac Warham <cazwarham@hotmail.com> writes:
> Thank you for the link to the documentation however it is the UID and GID of 1001:1001 that is required, not the
usernamewhich I believe this is intended for? Is there a similar option for UID and GID? Apologies if my original
questionwas not clear in this manner.
The underlying UID/GID will necessarily be that of the OS account that
is running initdb. I don't see why you need to worry about it.
If you don't want the Postgres role name of the initial superuser role
to be the same as the OS account's name, you can select something else
using the switch Adrian mentioned --- but that's really mostly
cosmetic. It has nothing to do with OS-level privileges.
regards, tom lane
On 10/14/24 15:09, Zac Warham wrote: > Hi Adrian, > > Thank you for the link to the documentation however it is the UID and > GID of 1001:1001 that is required, not the username which I believe this > is intended for? Is there a similar option for UID and GID? Apologies if > my original question was not clear in this manner. The UID/GID map to a user and group and that is what you care about. > > Zac > ------------------------------------------------------------------------ > *From:* Adrian Klaver <adrian.klaver@aklaver.com> > *Sent:* Monday, 14 October 2024 2:46 PM > *To:* Zac Warham <cazwarham@hotmail.com>; > pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org> > *Subject:* Re: Changing postgres User > On 10/14/24 13:11, Zac Warham wrote: >> Hi, >> >> We are trying to setup a postgresql Docker container alongside pgadmin >> and caddy for use in the PrairieLearn student testing software. Our main >> set back is that the PrairieLearn production environment user runs as >> user 1001:1001 and as such we have had to rename the postgres user >> within Linux to 1001 and alter the credentials management significantly. > > Why? > > Per: > > https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fapp-initdb.html&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223140652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=LNVisA1Cm%2BK8twl9PxP18kl8zcDsgo77ySEvtIuXfZI%3D&reserved=0 <https://www.postgresql.org/docs/current/app-initdb.html> > > You can have the initdb create the cluster as any user: > > "-U username > --username=username > > Sets the user name of the bootstrap superuser. This defaults to the > name of the operating-system user running initdb. > " > >> >> We are currently brainstorming some better ways but if anyone has any >> suggestions on easier ways to make these changes then we would >> appreciate them. The code is open source and can be viewed here - >> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223163417%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3Rj3%2BG4PYJIEzymBaKdl%2BbkooYroK7HzH3M2eHM2f8Y%3D&reserved=0 <https://github.com/PrairieLearn/PrairieLearn/pull/10713> >> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FPrairieLearn%2FPrairieLearn%2Fpull%2F10713&data=05%7C02%7C%7C545e2e2790694e5ec81a08dcec99ba83%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638645392223177366%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gy3LgO2pe7FhiL28lfLfNBO8Y1%2B2BDunSR%2FDsFE8wyU%3D&reserved=0 <https://github.com/PrairieLearn/PrairieLearn/pull/10713>> >> >> Thanks, >> Zac > > -- > Adrian Klaver > adrian.klaver@aklaver.com > -- Adrian Klaver adrian.klaver@aklaver.com