I want to access postgres with the www-data user. The commands are launched from the CLI.

My program needs to be able to launch this command:

```
psql --username www-data --host=127.0.0.1 --dbname=dbname
```

It works perfectly if I remove the `--host=127.0.0.1`, unfortunately I use a third-party program for this command and I can change it.

My pg_hba.conf is standard:

```
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
#host   all             www-data         127.0.0.1/32            md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
```

In postgresql.conf I put:

```
listen_addresses = '*'
```

Yes it's insecure but I am testing everything. Still doesn't work.

In the .pgpass:

```
127.0.0.1:5432:*:www-data:password
```

I tried all methods: peer, ident, md5, password; I had the error every time.

The error message (in French):

```
FATAL:  authentification par mot de passe échouée pour l'utilisateur  « www-data »
mot de passe récupéré dans le fichier fichier « /var/www/.pgpass »
```

It means that the authentication by password failed for user www-data. It also reports that it was able to recover the password from pgpass (/var/www/.pgpass).

Thanks for your help, I have no idea what to do.

Imane Fateh
yburon
  • What does `cat /var/www/.pgpass` return? Which third-party program? – Imane Fateh Aug 07 '13 at 16:25
  • if you're sure of the password, the next thing to check is its validity: `select valuntil from pg_user where usename='www-data'`. This is mostly relevant because of the related [pgadmin bug](http://stackoverflow.com/a/14566264/238814) – Daniel Vérité Aug 07 '13 at 17:02
  • The third party program is Drush, a cli tool for Drupal. For valuntil, thanks for the tip. It's empty, neither infinity nor 1970. – yburon Aug 07 '13 at 17:46
  • Also, I made a test with trust mode, it works. I wonder if the problem comes from the - of www-data. – yburon Aug 07 '13 at 17:47

1 Answer

Ok that was extremely stupid.

When I made the createuser command, I used -W instead of -P. I misread the createuser --help :(

I realized my mistake when I tried to recreate the www-data another time, and saw that the password was asked only one time instead of two times.

yburon
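Why dropping `--host` changed the outcome, as an added example that is not part of the original posts: PostgreSQL applies the first pg_hba.conf record that matches the connection, so the Unix-socket connection gets `peer` while `--host=127.0.0.1` gets `md5`, which can only succeed when the role has a stored password (`createuser -P` prompts for the new role's password; `-W` only forces a password prompt for connecting to the server). The function names and the simplified matching (only `local`/`host` records, `all` or literal names, CIDR addresses) are assumptions of this sketch.

```python
import ipaddress

# Active and commented lines of the pg_hba.conf posted in the question.
PG_HBA = """\
# "local" is for Unix domain socket connections only
local   all             all                                     peer
#host   all             www-data         127.0.0.1/32            md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
"""

def parse_hba(text):
    """Return the non-comment records as dicts, in file order."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":      # "local" records have no ADDRESS column
            ctype, db, user, method = fields[:4]
            addr = None
        else:
            ctype, db, user, addr, method = fields[:5]
        records.append({"type": ctype, "db": db, "user": user,
                        "addr": addr, "method": method})
    return records

def match_method(records, db, user, host=None):
    """Auth method of the first matching record; host=None means Unix socket."""
    for r in records:
        if host is None:
            if r["type"] != "local":
                continue
        else:
            if r["type"] != "host":
                continue
            if ipaddress.ip_address(host) not in ipaddress.ip_network(r["addr"]):
                continue
        if r["db"] not in ("all", db) or r["user"] not in ("all", user):
            continue
        return r["method"]            # no fall-through to later records
    return None                       # no record matches: connection rejected
```

With `md5` selected for the TCP connection, a role created without a password fails with the same "password authentication failed" message as a wrong password, which is why changing .pgpass had no effect.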