3

I want to access postgres with the www-data user. The commands are launched from the CLI.

My program needs to be able to launch this command:

psql --username www-data --host=127.0.0.1 --dbname=dbname

It works perfectly if I remove the --host=127.0.0.1; unfortunately I use a third-party program for this command and I can't change it.

My pg_hba.conf is standard:

local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
#host   all             www-data         127.0.0.1/32            md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

In postgresql.conf I put

listen_addresses = '*'

Yes, it's insecure, but I am testing everything. It still doesn't work.

In the .pgpass

127.0.0.1:5432:*:www-data:password

I tried all methods: peer, ident, md5, password. I had the error every time.

The error message (in French) :

FATAL:  authentification par mot de passe échouée pour l'utilisateur  << www-data >>
mot de passe récupéré dans le fichier fichier « /var/www/.pgpass »

It means that the authentication by password failed for user www-data. It also reports that it was able to recover the password from pgpass (/var/www/.pgpass).

Thanks for your help, I have no idea what to do.

4
  • What does cat /var/www/.pgpass return? Which third-party program? Commented Aug 7, 2013 at 16:25
  • If you're sure of the password, the next thing to check is its validity: select valuntil from pg_user where usename='www-data'. This is mostly relevant because of the related pgadmin bug. Commented Aug 7, 2013 at 17:02
  • The third-party program is Drush, a CLI tool for Drupal. For valuntil, thanks for the tip. It's empty, neither infinity nor 1970. Commented Aug 7, 2013 at 17:46
  • Also, I made a test with trust mode, and it works. I wonder if the problem comes from the - of www-data. Commented Aug 7, 2013 at 17:47

1 Answer

2

Ok that was extremely stupid.

When I made the createuser command, I used -W instead of -P. I misread the createuser --help :(

I realized my mistake when I tried to recreate the www-data another time, and saw that the password was asked only one time instead of two times.
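Why dropping --host=127.0.0.1 changed the outcome, as an added example that is not part of the original question or answer: PostgreSQL uses the first pg_hba.conf line that matches the connection type, database, user and client address, so the same role gets peer on the Unix socket and md5 over TCP. The resolver below is a simplified sketch that assumes only the `all` keyword, literal names and CIDR addresses, which is everything the question's file uses; `parse_hba` and `auth_method` are hypothetical helper names.

```python
import ipaddress

# The question's pg_hba.conf, embedded so the example runs offline.
PG_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
#host   all             www-data         127.0.0.1/32            md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
"""

def parse_hba(text):
    """Parse active (uncommented) rules; assumes CIDR addresses only."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue                        # blank or comment-only line
        if fields[0] == "local":            # local DATABASE USER METHOD
            conn, db, user, method = fields[:4]
            net = None
        else:                               # host DATABASE USER ADDRESS METHOD
            conn, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        rules.append({"type": conn, "db": db.split(","),
                      "user": user.split(","), "net": net, "method": method})
    return rules

def auth_method(rules, database, user, host=None):
    """Return the method of the first matching rule; host=None means Unix socket."""
    client = ipaddress.ip_address(host) if host else None
    for r in rules:
        if (r["type"] == "local") != (client is None):
            continue                        # socket rules never match TCP, and vice versa
        if "all" not in r["db"] and database not in r["db"]:
            continue
        if "all" not in r["user"] and user not in r["user"]:
            continue
        if client is not None and client not in r["net"]:
            continue                        # also False when IP versions differ
        return r["method"]
    return None                             # no rule matched: connection is rejected

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    print("socket:", auth_method(rules, "dbname", "www-data"))
    print("tcp:   ", auth_method(rules, "dbname", "www-data", "127.0.0.1"))
```

With md5 selected for 127.0.0.1, the server compares against the role's stored password, so a role created without one fails password authentication regardless of what .pgpass sends.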
