postgresql 默认 postgres 用户和密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20082673/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
default postgres user and password
提问by dot
I'm just new to postgresql db management. I've been playing around with a db that I didn't create. Trying to understand the different roles that have been created.
我只是 postgresql 数据库管理的新手。我一直在玩我没有创建的数据库。试图了解已创建的不同角色。
Does the fact that I can log in doing the following mean that the postgres user has no password set up?
我可以登录执行以下操作是否意味着 postgres 用户没有设置密码?
psql -U postgres
I did a
我做了一个
`select * from pg_roles`
and I can see that there is a password set. I found this article: http://www.postgresql.org/message-id/[email protected]which seeme to confirm that the postgres user is there by default... and you have to explicitly set a password. It's the second part about the password that I'm not sure about. Is it blank by default or set to something?
我可以看到设置了密码。我找到了这篇文章:http: //www.postgresql.org/message-id/[email protected]似乎确认 postgres 用户在默认情况下存在......并且您必须明确设置密码。这是关于我不确定的密码的第二部分。默认情况下是空白还是设置为某些内容?
I know that if pg_hba.conf is set to trust everything from 127.0.0.1, then you can log in from the local server without specifying a password. That might be what's happening in my case... i will test by changing the pg_hba.conf file... But it'd be nice to know what the default password is for postgres user.
我知道如果 pg_hba.conf 设置为信任来自 127.0.0.1 的所有内容,那么您可以从本地服务器登录而无需指定密码。这可能就是我的情况......我将通过更改 pg_hba.conf 文件进行测试......但是很高兴知道 postgres 用户的默认密码是什么。
Thanks.
谢谢。
回答by Daniel Vérité
pg_rolesis not the view that can tell whether a user has a password or not, because the password field is always set to ********no matter what.
pg_roles不是可以判断用户是否有密码的视图,因为********无论如何密码字段总是设置为。
This comes from the definition of this view (taken from version 9.3):
这来自此视图的定义(取自 9.3 版):
select definition from pg_views where viewname='pg_roles';
Result:
结果:
SELECT pg_authid.rolname,
pg_authid.rolsuper,
pg_authid.rolinherit,
pg_authid.rolcreaterole,
pg_authid.rolcreatedb,
pg_authid.rolcatupdate,
pg_authid.rolcanlogin,
pg_authid.rolreplication,
pg_authid.rolconnlimit,
'********'::text AS rolpassword
pg_authid.rolvaliduntil,
s.setconfig AS rolconfig,
pg_authid.oid
FROM (pg_authid
LEFT JOIN pg_db_role_setting s
ON (((pg_authid.oid = s.setrole) AND (s.setdatabase = (0)::oid))));
Note how the rolpasswordcolumn is hardcoded to reveal nothing (We may wonder why it's there at all. Maybe for backward compatibility?)
请注意该rolpassword列是如何硬编码为不显示任何内容的(我们可能想知道它为什么在那里。也许是为了向后兼容?)
On the other hand , there is a pg_shadowview that displays passwords as they're stored, in a column named passwd. This view is only readable by a superuser (typically: the postgresuser).
另一方面,有一个pg_shadow视图在名为 的列中显示存储密码passwd。此视图只能由超级用户(通常:postgres用户)读取。
Example:
例子:
create user foo unencrypted password 'foopassword';
create user bar encrypted password 'foopassword';
select usename,passwd from pg_shadow where usename in ('postgres','foo','bar');
Result on a vanilla Debian install:
在 vanilla Debian 安装上的结果:
usename | passwd ----------+------------------------------------- postgres | foo | foopassword bar | md50390570d30cb9a2f9cb7476f0763cf51
Initially the postgrespassword is often empty, except on Windows for which the installer tends to ask for it. On Unix, pg_hba.confis often set up such that only the OS user postgresmay log in as the database user postgresthrough Unix socket domains without a password. This is reasonable as a default security policy. Windows doesn't have Unix domain sockets, and the most recent versions of the installer don't even use a postgresOS user, so it makes sense that it implements a different default security policy.
最初postgres密码通常是空的,除了在 Windows 上安装程序往往会要求它。在 Unix 上,pg_hba.conf通常设置为只有操作系统用户postgres可以在postgres没有密码的情况下通过 Unix 套接字域以数据库用户身份登录。这作为默认安全策略是合理的。Windows 没有 Unix 域套接字,安装程序的最新版本甚至不使用postgres操作系统用户,因此它实现不同的默认安全策略是有道理的。
If a password is blank and the pg_hba.confrequires a password for the particular database/user/origin of an incoming connection, then the connection is rejected. There's no difference between a blank password and a lack of password.
如果密码为空并且pg_hba.conf传入连接的特定数据库/用户/来源需要密码,则连接将被拒绝。空白密码和缺少密码之间没有区别。
