[ckan-dev] postgres permissions

David Read david.read at okfn.org
Wed Oct 5 15:04:02 UTC 2011


Hi Florian,

I understand from your messages on Bitbucket that you're having
problems with postgres permissions.
https://bitbucket.org/okfn/ckan/pull-request/2/add-h-localhost-to-postgres-command-for#comment-301

You did:
$ paster --plugin=ckan db dump ckan.dump --config=/etc/ckan/std/std.ini
which runs pg_dump like this:
$ pg_dump --username=std -W std > ckan.dump
but you get this error:
FATAL:  Ident authentication failed for user "std"

Whereas you get success if you add "-h localhost" to the pg_dump command.

The error is due to your postgres permissions setup, I believe
(/etc/postgresql/8.4/main/pg_hba.conf) and I suggest you fix this,
rather than add the loopback complexity to the command line interface
code.

I'm no expert on postgres permissions, and wish I knew more about
them, but from what I can work out:

If you don't specify -h then it goes straight to the postgres process
- Unix domain socket, known as "local" in pg_hba.conf.

Whereas "-h localhost" uses the loopback interface and has different
permissions in pg_hba.conf. In my conf it is known by CIDR
"127.0.0.1/32".

I hope that helps. Of course, if you can shed any more light on the
general area, then it would be much appreciated.

David




More information about the ckan-dev mailing list