Why can't I `su postgres`?
Clash Royale CLAN TAG#URR8PPP
up vote
-1
down vote
favorite
I wonder why when I provide root's password, the following command
reports failure?$ su postgres
Password:
su: Authentication failureIs it correct that
suasks for the password of root, not ofpostgres?If it is the password of
postgres, when I installed postgreSQL, I didn't set up a login name to connect to postgresql server, and I didn't explicitly create the userpostgreson my Ubuntu, so what is its password?in
/etc/passwdpostgres:x:124:133:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashin
/etc/shadow:postgres:*:17478:0:99999:7:::If I indeed can't
su postgres, then generally speaking, what target users cansuswitch to?Is it
correct that they are also the users whose ids setuid() can take as
argument?From APUE, I learned that login names without valid login shell command can't be used for login. Are they also can be
sued to? Butpostgreshas a valid login shell command/bin/bash, so why can't Isu postgres?
Thanks.
users su postgresql
asked May 4 at 0:57
Tim
22.6k63223401
add a comment |Â
up vote
-1
down vote
favorite
I wonder why when I provide root's password, the following command
reports failure?$ su postgres
Password:
su: Authentication failureIs it correct that
suasks for the password of root, not ofpostgres?If it is the password of
postgres, when I installed postgreSQL, I didn't set up a login name to connect to postgresql server, and I didn't explicitly create the userpostgreson my Ubuntu, so what is its password?in
/etc/passwdpostgres:x:124:133:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashin
/etc/shadow:postgres:*:17478:0:99999:7:::If I indeed can't
su postgres, then generally speaking, what target users cansuswitch to?Is it
correct that they are also the users whose ids setuid() can take as
argument?From APUE, I learned that login names without valid login shell command can't be used for login. Are they also can be
sued to? Butpostgreshas a valid login shell command/bin/bash, so why can't Isu postgres?
Thanks.
users su postgresql
asked May 4 at 0:57
Tim
22.6k63223401
suasks for postgres's password.
– dsstorefile1
May 4 at 1:00
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
2
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10
add a comment |Â
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I wonder why when I provide root's password, the following command
reports failure?$ su postgres
Password:
su: Authentication failureIs it correct that
suasks for the password of root, not ofpostgres?If it is the password of
postgres, when I installed postgreSQL, I didn't set up a login name to connect to postgresql server, and I didn't explicitly create the userpostgreson my Ubuntu, so what is its password?in
/etc/passwdpostgres:x:124:133:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashin
/etc/shadow:postgres:*:17478:0:99999:7:::If I indeed can't
su postgres, then generally speaking, what target users cansuswitch to?Is it
correct that they are also the users whose ids setuid() can take as
argument?From APUE, I learned that login names without valid login shell command can't be used for login. Are they also can be
sued to? Butpostgreshas a valid login shell command/bin/bash, so why can't Isu postgres?
Thanks.
users su postgresql
asked May 4 at 0:57
Tim
22.6k63223401
I wonder why when I provide root's password, the following command
reports failure?$ su postgres
Password:
su: Authentication failureIs it correct that
suasks for the password of root, not ofpostgres?If it is the password of
postgres, when I installed postgreSQL, I didn't set up a login name to connect to postgresql server, and I didn't explicitly create the userpostgreson my Ubuntu, so what is its password?in
/etc/passwdpostgres:x:124:133:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashin
/etc/shadow:postgres:*:17478:0:99999:7:::If I indeed can't
su postgres, then generally speaking, what target users cansuswitch to?Is it
correct that they are also the users whose ids setuid() can take as
argument?From APUE, I learned that login names without valid login shell command can't be used for login. Are they also can be
sued to? Butpostgreshas a valid login shell command/bin/bash, so why can't Isu postgres?
Thanks.
users su postgresql
asked May 4 at 0:57
Tim
22.6k63223401
edited May 4 at 17:20
asked May 4 at 0:57
Tim
22.6k63223401
asked May 4 at 0:57
Tim
22.6k63223401
asked May 4 at 0:57
Tim
22.6k63223401
22.6k63223401
suasks for postgres's password.
– dsstorefile1
May 4 at 1:00
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
2
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10
add a comment |Â
suasks for postgres's password.
– dsstorefile1
May 4 at 1:00
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
2
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10
su asks for postgres's password.– dsstorefile1
May 4 at 1:00
su asks for postgres's password.– dsstorefile1
May 4 at 1:00
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
2
2
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
4
down vote
Look at the second field of /etc/shadow:
postgres:*:17478:0:99999:7:::
Normally it would have the encrypted password, but here it has just a single asterisk. That means the account is locked - no password will be acceptable for it. This is the state any new account will have until a password is assigned to it.
To transition into a user account that is currently locked, you would need a transition method that does not ask for the password of the target account. For su, that would mean you would have to fully become root first.
It would be possible to configure sudo to allow you access to the postgres account even though it is locked for password authentication. The /etc/sudoers line would be something like this:
Tim ALL=(postgres) ALL
The sudo command line equivalent to su postgres would be sudo -u postgres -s. Note: in this method, some environment settings from your original account may be still in use in your session as user postgres. You may or may not want that: it could be actually useful if you have two or more database administrators with different personal preferences for their shell/environment both sudoing to the postgres account.
If you want the environment to be exactly as if it would be if user postgres would have when logged in directly, you could also use sudo -u postgres -i (the equivalent of su - postgres).
But if you want to have su postgres work, you would just need to have a password set for the user postgres. That can be achieved by running passwd postgres as root.
answered May 4 at 4:41
telcoM
10.2k11032
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
Look at the second field of /etc/shadow:
postgres:*:17478:0:99999:7:::
Normally it would have the encrypted password, but here it has just a single asterisk. That means the account is locked - no password will be acceptable for it. This is the state any new account will have until a password is assigned to it.
To transition into a user account that is currently locked, you would need a transition method that does not ask for the password of the target account. For su, that would mean you would have to fully become root first.
It would be possible to configure sudo to allow you access to the postgres account even though it is locked for password authentication. The /etc/sudoers line would be something like this:
Tim ALL=(postgres) ALL
The sudo command line equivalent to su postgres would be sudo -u postgres -s. Note: in this method, some environment settings from your original account may be still in use in your session as user postgres. You may or may not want that: it could be actually useful if you have two or more database administrators with different personal preferences for their shell/environment both sudoing to the postgres account.
If you want the environment to be exactly as if it would be if user postgres would have when logged in directly, you could also use sudo -u postgres -i (the equivalent of su - postgres).
But if you want to have su postgres work, you would just need to have a password set for the user postgres. That can be achieved by running passwd postgres as root.
answered May 4 at 4:41
telcoM
10.2k11032
add a comment |Â
up vote
4
down vote
Look at the second field of /etc/shadow:
postgres:*:17478:0:99999:7:::
Normally it would have the encrypted password, but here it has just a single asterisk. That means the account is locked - no password will be acceptable for it. This is the state any new account will have until a password is assigned to it.
To transition into a user account that is currently locked, you would need a transition method that does not ask for the password of the target account. For su, that would mean you would have to fully become root first.
It would be possible to configure sudo to allow you access to the postgres account even though it is locked for password authentication. The /etc/sudoers line would be something like this:
Tim ALL=(postgres) ALL
The sudo command line equivalent to su postgres would be sudo -u postgres -s. Note: in this method, some environment settings from your original account may be still in use in your session as user postgres. You may or may not want that: it could be actually useful if you have two or more database administrators with different personal preferences for their shell/environment both sudoing to the postgres account.
If you want the environment to be exactly as if it would be if user postgres would have when logged in directly, you could also use sudo -u postgres -i (the equivalent of su - postgres).
But if you want to have su postgres work, you would just need to have a password set for the user postgres. That can be achieved by running passwd postgres as root.
answered May 4 at 4:41
telcoM
10.2k11032
add a comment |Â
up vote
4
down vote
up vote
4
down vote
Look at the second field of /etc/shadow:
postgres:*:17478:0:99999:7:::
Normally it would have the encrypted password, but here it has just a single asterisk. That means the account is locked - no password will be acceptable for it. This is the state any new account will have until a password is assigned to it.
To transition into a user account that is currently locked, you would need a transition method that does not ask for the password of the target account. For su, that would mean you would have to fully become root first.
It would be possible to configure sudo to allow you access to the postgres account even though it is locked for password authentication. The /etc/sudoers line would be something like this:
Tim ALL=(postgres) ALL
The sudo command line equivalent to su postgres would be sudo -u postgres -s. Note: in this method, some environment settings from your original account may be still in use in your session as user postgres. You may or may not want that: it could be actually useful if you have two or more database administrators with different personal preferences for their shell/environment both sudoing to the postgres account.
If you want the environment to be exactly as if it would be if user postgres would have when logged in directly, you could also use sudo -u postgres -i (the equivalent of su - postgres).
But if you want to have su postgres work, you would just need to have a password set for the user postgres. That can be achieved by running passwd postgres as root.
answered May 4 at 4:41
telcoM
10.2k11032
Look at the second field of /etc/shadow:
postgres:*:17478:0:99999:7:::
Normally it would have the encrypted password, but here it has just a single asterisk. That means the account is locked - no password will be acceptable for it. This is the state any new account will have until a password is assigned to it.
To transition into a user account that is currently locked, you would need a transition method that does not ask for the password of the target account. For su, that would mean you would have to fully become root first.
It would be possible to configure sudo to allow you access to the postgres account even though it is locked for password authentication. The /etc/sudoers line would be something like this:
Tim ALL=(postgres) ALL
The sudo command line equivalent to su postgres would be sudo -u postgres -s. Note: in this method, some environment settings from your original account may be still in use in your session as user postgres. You may or may not want that: it could be actually useful if you have two or more database administrators with different personal preferences for their shell/environment both sudoing to the postgres account.
If you want the environment to be exactly as if it would be if user postgres would have when logged in directly, you could also use sudo -u postgres -i (the equivalent of su - postgres).
But if you want to have su postgres work, you would just need to have a password set for the user postgres. That can be achieved by running passwd postgres as root.
answered May 4 at 4:41
telcoM
10.2k11032
answered May 4 at 4:41
telcoM
10.2k11032
answered May 4 at 4:41
telcoM
10.2k11032
answered May 4 at 4:41
telcoM
10.2k11032
10.2k11032
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441683%2fwhy-cant-i-su-postgres%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
suasks for postgres's password.– dsstorefile1
May 4 at 1:00
Thanks. But why does unix.stackexchange.com/a/11287/674 say that "su requires root's password"?
– Tim
May 4 at 1:06
2
That answer says root's password is used when "running commands as root". You're switching to the postgres user account, hence you need postgres's passphrase.
– dsstorefile1
May 4 at 1:10