Configure database user and password for secure access

Updates PostgreSQL configuration to set password encryption to SCRAM-SHA-256, creates a new user 'ids_user' with the specified password, grants necessary privileges on the 'ids_database', and configures default privileges for future objects. Includes troubleshooting steps and log excerpts related to authentication failures. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: f8be77ab-2269-4666-9e56-9309e455e81c Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/c9ITWqD
2025-11-17 16:28:10 +00:00 · 2025-11-17 16:28:10 +00:00 · 08c2373aa5
commit 08c2373aa5
parent 7c36dc039b
1 changed files with 36 additions and 0 deletions
--- a/attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt
+++ b/attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt
@ -0,0 +1,36 @@
+ sudo -u postgres psql -c "ALTER SYSTEM SET password_encryption = 'scram-sha-256';"
+ALTER SYSTEM
+[root@ids deployment]# systemctl restart postgresql
+[root@ids deployment]# sudo -u postgres psql << EOF
+DROP USER IF EXISTS ids_user;
+CREATE USER ids_user WITH PASSWORD 'TestPassword123';
+GRANT ALL PRIVILEGES ON DATABASE ids_database TO ids_user;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ids_user;
+GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ids_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ids_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ids_user;
+EOF
+ERROR:  role "ids_user" cannot be dropped because some objects depend on it
+DETAIL:  privileges for database ids_database
+ERROR:  role "ids_user" already exists
+GRANT
+GRANT
+GRANT
+ALTER DEFAULT PRIVILEGES
+ALTER DEFAULT PRIVILEGES
+[root@ids deployment]# export PGPASSWORD="TestPassword123"
+[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
+psql: error: FATAL:  password authentication failed for user "ids_user"
+[root@ids deployment]# tail -30 /var/lib/pgsql/data/log/postgresql-*.log | grep -i "ids_user"
+2025-11-17 17:21:00.789 CET [59154] FATAL:  password authentication failed for user "ids_user"
+2025-11-17 17:21:00.789 CET [59154] DETAIL:  User "ids_user" does not have a valid SCRAM secret.
+2025-11-17 17:22:28.055 CET [59160] FATAL:  password authentication failed for user "ids_user"
+2025-11-17 17:22:28.055 CET [59160] DETAIL:  User "ids_user" does not have a valid SCRAM secret.
+2025-11-17 17:23:42.513 CET [59171] FATAL:  password authentication failed for user "ids_user"
+2025-11-17 17:23:42.513 CET [59171] DETAIL:  User "ids_user" does not have a valid SCRAM secret.
+2025-11-17 17:26:40.293 CET [59224] ERROR:  role "ids_user" cannot be dropped because some objects depend on it
+2025-11-17 17:26:40.293 CET [59224] STATEMENT:  DROP USER IF EXISTS ids_user;
+2025-11-17 17:26:40.293 CET [59224] ERROR:  role "ids_user" already exists
+2025-11-17 17:26:40.293 CET [59224] STATEMENT:  CREATE USER ids_user WITH PASSWORD 'TestPassword123';
+2025-11-17 17:27:06.520 CET [59226] FATAL:  password authentication failed for user "ids_user"
+2025-11-17 17:27:06.520 CET [59226] DETAIL:  User "ids_user" does not have a valid SCRAM secret.