[svlug] phppgadmin

Ivan Sergio Borgonovo mail at webthatworks.it
Sat Jan 17 15:32:47 PST 2015


On 01/17/2015 11:23 PM, Michael Robinson wrote:

> Thank you Ivan.  I do have shell access.  So I need to fix this using
> psql command line or do I need to modify pg_hba.conf?  The error I get
> is some security warning that logging into phppgadmin as postgres isn't
> allowed.

I've no idea about phppgadmin, sorry. Maybe there is some cfg somewhere
to enable access as superuser. I'd leave it that way.
I don't know if it is just a legend handed down by elitist sysadmins but
the family of php*admin stuff is said to have had its security
nightmares. I never deployed and rarely used php*admin stuff, but it is
not hard to believe that more layers of software are going to make the
overall less secure.

If you don't want to login to your box via ssh every time you want to
play with postgres you could generate ssl keys and use pgsql or pgadmin
(GUI) directly from your workstation.
pgadmin has some nice tricks that can come useful and I do use it at
times but most of the time I'm using pgsql because it is much faster.

Setting up pg_hba.conf is easy, I just don't remember how I set up the
keys, it was more contrived.

login as root
There are enough explanations inside pg_hba.conf.
I'd suggest
hostssl all YOURUSER all md5
maybe you could restrict access to your subnet.
then
su - postgres
createuser
and add YOURUSER with superuser rights

Give a look to man createuser to get a better idea of what you're going
to do.

there is no relationship between your login user and your DB user but if
you add:

local all YOURUSER ident
to pg_hba.conf

once you'll login via ssh you could just run
pgsql DATABASE
to login in your database if YOURUSER is the same as your *nix login

I just deployed a new pg instance in a container so I'll have to relearn
how to setup keys. If you're a bit patient I'll guide you.

If you're impatient:

http://www.postgresql.org/docs/9.4/static/ssl-tcp.html


-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it




More information about the svlug mailing list