2017-03-13 16:57 GMT+01:00 Adrian Klaver <adrian.kla...@aklaver.com>:
> On 03/13/2017 08:44 AM, Guillaume Lelarge wrote: > >> 2017-03-13 16:29 GMT+01:00 Schmid Andreas <andreas.sch...@bd.so.ch >> <mailto:andreas.sch...@bd.so.ch>>: >> >> Hi >> >> I'm trying to add a new DB user with the following command from my >> client machine: >> createuser -h my.host.name <http://my.host.name> -U mysuperusername >> --pwprompt newusername >> >> I'm getting the following message: >> createuser: could not connect to database postgres: FATAL: no >> pg_hba.conf entry for host "10.0.0.1", user "mysuperusername", >> database "postgres", SSL on >> >> Now, it's true that our pg_hba.conf doesn't allow access to the >> postgres database. We did this intentionally, as usually no one >> needs to connect to this database. >> >> So I tried to do >> export PGDATABASE=sogis >> before the createuser command. But no success. Does anyone know of >> another way to achieve what I'm trying? >> >> I whish to do it with createuser rather than with the SQL command >> CREATE USER because this way I can avoid the password for the new >> user to show up anywhere in the history. >> >> I'm on 9.2 on Ubuntu 14.04. >> >> >> You can't. The createuser.c code specifically targets the "postgres" >> database, which surprises me. Anyway, the only other way to do it is to >> use psql, something like: psql -c "CREATE USER..." -h ... your_database >> > > Unfortunately that stills leaves the password in the Postgres log which is > what the OP is trying to avoid. The immediate solution would be to open the > postgres database in pg_hba.conf. A longer term solution would be to file > an issue and see if the code can be changed to allow specifying a database > to createuser. > > It's not very hard to do. But I really wonder why it's not already done. I fear there was a good idea, but I fail to see which one :) -- Guillaume. http://blog.guillaume.lelarge.info http://www.dalibo.com
