How Do I Enable remote access to PostgreSQL database server?

Posted by Bhushan G Ahire | Posted in Amazon EC2, Security | Posted on 11-05-2010


By default, remote access to the PostgreSQL database server is disabled for security reasons. However, sometimes you need to provide remote access to the database server from a home computer or from a web server.

Step # 1: Log in over ssh if the server is outside your IDC

Log in over ssh to the remote PostgreSQL database server:

$ ssh user@remote.pgsql.server.com

Step # 2: Enable client authentication

Once connected, you need to edit the PostgreSQL configuration file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for the latest 8.2 version) using a text editor such as vi.

Log in as the postgres user using the su / sudo command, enter:

$ su - postgres

Edit the file:

$ vi /var/lib/pgsql/data/pg_hba.conf

OR

$ vi /etc/postgresql/8.2/main/pg_hba.conf

Append the following configuration line to give access to the 10.10.29.0/24 network:

host all all 10.10.29.0/24 trust

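Save and close the file. Make sure you replace 10.10.29.0/24 with the actual network IP address range of the client systems in your own network. Note that the trust method lets any host in that range connect as any database user without a password; use md5 in its place if clients should authenticate with a password.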
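The check below is an added example, not part of the original post: a shell function that reads pg_hba.conf text on standard input and flags network records that use trust, the cleartext password method, or an any-address source. The function name hba_audit, the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit pg_hba.conf text on stdin.
# Prints one finding per risky record as:
#   <line number>:<reason>:<type> <database> <user> <address>
hba_audit() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
    $1 !~ /^host/        { next }   # only TCP/IP records: host, hostssl, hostnossl
    {
      # The address is either CIDR (one field) or IP + netmask (two fields),
      # which shifts the position of the authentication method.
      if (index($4, "/") > 0) {
        addr = $4; method = $5
      } else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        addr = $4 "/" $5; method = $6
      } else {
        addr = $4; method = $5
      }
      rec = $1 " " $2 " " $3 " " addr

      if (method == "trust")
        print NR ":trust-over-network:" rec      # no password is asked for
      else if (method == "password")
        print NR ":cleartext-password:" rec      # password crosses the wire unhashed

      if (addr == "0.0.0.0/0" || addr == "0.0.0.0/0.0.0.0" || addr == "::/0")
        print NR ":any-source-address:" rec      # record matches every client
    }
  '
}

# Constructed sample input; the first host record is the line from the post.
SAMPLE_HBA='# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  ident
host    all       all   10.10.29.0/24  trust
host    all       all   10.10.29.0 255.255.255.0 md5
host    appdb     app   0.0.0.0/0      md5'

printf '%s\n' "$SAMPLE_HBA" | hba_audit
```

Run it against a live file with hba_audit < /var/lib/pgsql/data/pg_hba.conf; quoted database or user names that contain spaces are not handled.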

Step # 2: Enable networking for PostgreSQL

You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.

Step # 3: Allow TCP/IP socket

If you are using PostgreSQL version 8.x or newer, use the following instructions; skip to Step # 3a for an older version (7.x or older).

You need to open the PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.

# vi /etc/postgresql/8.2/main/postgresql.conf

OR

# vi /var/lib/pgsql/data/postgresql.conf

Find the configuration line that reads as follows:

listen_addresses='localhost'

Next, set the IP address(es) to listen on. You can use a comma-separated list of addresses; the default is 'localhost', and '*' means all IP addresses:

listen_addresses='*'

Or just bind to the 202.54.1.2 and 202.54.1.3 IP addresses:

listen_addresses='202.54.1.2,202.54.1.3'

Save and close the file. Skip to step # 4.

Step #3a – Information for old version 7.x or older

The following configuration is only required for PostgreSQL version 7.x or older. Open the config file, enter:

# vi /var/lib/pgsql/data/postgresql.conf

Bind and open the TCP/IP port by setting tcpip_socket to true:

tcpip_socket = true

Save and close the file.

Step # 4: Restart PostgreSQL Server

Type the following command:

# /etc/init.d/postgresql restart

Step # 5: Iptables firewall rules

Make sure iptables is not blocking communication. Open port 5432 (append the rules to your iptables scripts or to the file /etc/sysconfig/iptables):

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 20.04.23.22  --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 20.04.23.22 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Restart the firewall:

# /etc/init.d/iptables restart

Step # 6: Test your setup

Use the psql command from a client system. Connect to the remote server using IP address 20.04.23.22 and log in using the postgres username and the testdatabase database, enter:

$ psql -h 20.04.23.22 -U postgres -d testdatabase

Installing PostgreSQL on Snow Leopard 10.6

Posted by Bhushan G Ahire | Posted in MAC Tiger | Posted on 15-02-2010


Installing PostgreSQL 8.3

First, you’ll need to install Xcode if you haven’t already. This is available on the Snow Leopard DVD in the Optional Installs directory.

Second, if you aren’t already using it, download MacPorts for Snow Leopard and install it. MacPorts has come a long way in the last few years and will make your life much easier.

Once those are installed, run the following command:

sudo port install postgresql83 postgresql83-server

Set Up Your First Database

At the very end of the install it tells you how to set up your first database:

sudo mkdir -p /opt/local/var/db/postgresql83/defaultdb
sudo chown postgres:postgres /opt/local/var/db/postgresql83/defaultdb
sudo su postgres -c '/opt/local/lib/postgresql83/bin/initdb -D /opt/local/var/db/postgresql83/defaultdb'

You’ll also want to set up Postgres to auto-run as a server on startup.

sudo launchctl load -w /Library/LaunchDaemons/org.macports.postgresql83-server.plist

If you want to start it right now, you can either reboot or do the following:

sudo su postgres -c '/opt/local/lib/postgresql83/bin/postgres -D /opt/local/var/db/postgresql83/defaultdb'

Make psql Available from the Command Line

The executable files for PostgreSQL get shoved into a non-standard place (just like MySQL), so you’ll need to edit the default profile.

sudo vi /etc/profile

You can also do this using sudo mate /etc/profile if you aren’t comfortable in vi.

The PATH= line needs to be changed to include the PostgreSQL bin directory.

Mine was PATH="/opt/local/bin:$PATH" and is now:

PATH="/opt/local/bin:/opt/local/sbin:/opt/local/lib/postgresql83/bin:$PATH"

If you open a new terminal window you can now type psql and it will find it.

Create a New User and Database

By default, PostgreSQL creates a postgres user for you. However, it’s not good practice to use the default and it’s a pain in the ass. Let’s just create a new database user to make it easier.

createuser --superuser macusername -U postgres

You need to change macusername to your Mac username. This will make your life A LOT easier. Trust me here.

Next, create your database:

createdb my_database

Installing the PostgreSQL Ruby Gem

Unlike the MySQL driver, we don’t need to pass the ARCHFLAGS variable as 64 bit. PostgreSQL comes with both 32 and 64-bit versions. Yeah!

sudo gem install postgres-pr

Per Tom’s comment below, we should be using the native driver for better performance.

sudo env ARCHFLAGS="-arch x86_64" gem install pg

Configuring your Rails Application

Inside your Ruby on Rails application, open up config/database.yml and change your development adapter to be similar to the following:

development:
  adapter: postgresql
  database: defaultdb
  username: defaultdb

You can change defaultdb to the name you need for your application.

Grant privileges to all tables in a database for postgresql

Posted by Bhushan Ahire | Posted in Security | Posted on 17-06-2009


Grant privileges to all tables in a database (select, update, insert, delete)

E.g. (creating a read-only user in Postgres):

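-- Function to grant access (select, insert, update, delete) to users.
-- Arguments: $1 = user, $2 = privileges, $3 = LIKE pattern for relation names, $4 = schema.
-- SECURITY DEFINER runs the function with the privileges of its owner, and
-- EXECUTE on a new function is granted to PUBLIC by default.

CREATE FUNCTION pg_grant(TEXT, TEXT, TEXT, TEXT)
RETURNS integer AS '
DECLARE obj record;
num integer;
BEGIN
num:=0;
-- tables (r), views (v) and sequences (S) in schema $4 whose name matches $3
FOR obj IN SELECT relname FROM pg_class c
JOIN pg_namespace ns ON (c.relnamespace = ns.oid) WHERE
relkind in (''r'',''v'',''S'') AND
nspname = $4 AND
relname LIKE $3
LOOP
-- schema-qualify and quote the relation name so mixed-case or unusual names work
EXECUTE ''GRANT '' || $2 || '' ON '' || quote_ident($4) || ''.'' || quote_ident(obj.relname) || '' TO '' || $1;
num := num + 1;
END LOOP;
RETURN num;
END;
' LANGUAGE plpgsql SECURITY DEFINER;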

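-- Function to revoke access (select, insert, update, delete) from users.
-- Arguments: $1 = user, $2 = privileges, $3 = LIKE pattern for relation names, $4 = schema.

CREATE FUNCTION pg_revoke(TEXT, TEXT, TEXT, TEXT)
RETURNS integer AS '
DECLARE obj record;
num integer;
BEGIN
num:=0;
-- tables (r), views (v) and sequences (S) in schema $4 whose name matches $3
FOR obj IN SELECT relname FROM pg_class c
JOIN pg_namespace ns ON (c.relnamespace = ns.oid) WHERE
relkind in (''r'',''v'',''S'') AND
nspname = $4 AND
relname LIKE $3
LOOP
-- schema-qualify and quote the relation name so mixed-case or unusual names work
EXECUTE ''REVOKE '' || $2 || '' ON '' || quote_ident($4) || ''.'' || quote_ident(obj.relname) || '' FROM '' || $1;
num := num + 1;
END LOOP;
RETURN num;
END;
' LANGUAGE plpgsql SECURITY DEFINER;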

-- Create users for your database

CREATE USER userreadonly WITH PASSWORD 'userr3ad0nly';
CREATE USER userall WITH PASSWORD 'usersh0pa11';

-- Grant respective access to users

select pg_grant('userreadonly','select','%','public');
select pg_grant('userall','select,insert,update,delete','%','public');

You might need to create the plpgsql language in your database if you have not done so already:

createlang plpgsql yrdatabasename