Use PostgreSQL Relational Databases on Ubuntu 16.04
Updated by Phil Zona
The PostgreSQL relational database system is a powerful, scalable, and standards-compliant open-source database platform. This guide will help you install and configure PostgreSQL on your Ubuntu 16.04 LTS (Xenial Xerus) Linode.
Before You Begin
Familiarize yourself with our Getting Started guide and complete the steps for setting your Linode’s hostname and timezone.
Complete the sections of our Securing Your Server guide to create a standard user account, harden SSH access and remove unnecessary network services.
Update your system:
sudo apt-get update && sudo apt-get upgrade
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with
sudo. If you’re not familiar with the
sudocommand, visit the Users and Groups guide for more information.
Install PostgreSQL from the Ubuntu package repository:
sudo apt-get install postgresql postgresql-contrib
Modify the Postgres Users
By default, PostgreSQL will create a Linux user named
postgres to access the database software.
postgresuser should not be used for for other purposes (e.g. connecting to other networks). Doing so presents a serious risk to the security of your databases.
postgresuser’s Linux password:
sudo passwd postgres
Issue the following commands to set a password for the
postgresdatabase user. Be sure to replace
newpasswordwith a strong password and keep it in a secure place.
su - postgres psql -d template1 -c "ALTER USER postgres WITH PASSWORD 'newpassword';"
Note that this user is distinct from the
postgresLinux user. The Linux user is used to access the database, and the PostgreSQL user is used to perform administrative tasks on the databases.
The password set in this step will be used to connect to the database via the network. Peer authentication will be used by default for local connections. See the Secure Local PostgreSQL Access section for information about changing this setting.
Create a Database
Run the commands in this section as the
postgres Linux user.
Create a sample database called
Connect to the test database:
You will see the following output:
1 2 3 4
psql (9.5.2) Type "help" for help. mytestdb=#
This is the PostgreSQL client shell, in which you can issue SQL commands. To see a list of available commands, use the
\hcommand. You may find more information on a specific command by adding it after
This section contains examples which create a test database with an employee’s first and last name, assigning each a unique key. When creating your own tables, you may specify as many parameters (columns) as you need and name them appropriately. Run the commands in this section from the PostgreSQL shell, opened in Step 2 of the Create a Database section.
Create a table called “employees” in your test database:
CREATE TABLE employees (employee_id int, first_name varchar, last_name varchar);
Insert a record into the table:
INSERT INTO employees VALUES (1, 'John', 'Doe');
View the contents of the “employees” table:
SELECT * FROM employees;
This produces the following output:
1 2 3 4
employee_id | first_name | last_name -------------+------------+----------- 1 | John | Doe (1 row)
Exit the PostgreSQL shell by entering the
Create PostgreSQL Roles
PostgreSQL grants database access via roles which are used to specify privileges. Roles can be understood as having a similar function to Linux “users.” In addition, roles may also be created as a set of other roles, similar to a Linux “group.” PostgreSQL roles apply globally, so you will not need to create the same role twice if you’d like to grant it access to more than one database on the same server.
The example commands in this section should be run as the
postgres Linux user.
Add a new user role, then a password at the prompt:
createuser examplerole --pwprompt
If you need to delete a role, you can use the
dropusercommand in place of
Connect to the database:
You’ll be connected as the
postgresdatabase user by default.
From the PostgreSQL shell, enter the following to grant all privileges on the table
employeesto the user
GRANT ALL ON employees TO examplerole;
Exit the PostgreSQL shell by entering
Secure Local PostgreSQL Access
PostgreSQL uses peer authentication by default. This means database connections will be granted to local system users that own or have privileges on the database being connected to. Such authentication is useful in cases where a particular system user will be running a local program (e.g. scripts, CGI/FastCGI processes owned by separate users, etc.), but for greater security, you may wish to require passwords to access your databases.
Commands in this section should be run as the
postgres Linux user unless otherwise specified.
/etc/postgresql/9.5/main/pg_hba.conffile, under the
# "local" is for Unix domain socket connections onlyheader:
# "local" is for Unix domain socket connections only local all all peer
md5on this line to activate password authentication using an MD5 hash.
To enable these changes, we need to restart PostgreSQL. However, we did not grant the
postgresuser sudo privileges for security reasons. Return to the normal user shell:
Restart PostgreSQL and switch back to the
sudo service postgresql restart su - postgres
postgres, connect to the test database as the
psql -U examplerole -W mytestdb
You will be prompted to enter the password for the
exampleroleuser and given
psqlshell access to the database. When using a database, you may check access privileges for each of its tables with the
Secure Remote PostgreSQL Access
PostgreSQL listens for connections on
localhost and it is not advised to reconfigure it to listen on public IP addresses. If you would like to access your databases remotely using a graphical tool, please follow one of these guides:
- Securely Manage Remote PostgreSQL Servers with pgAdmin on Windows
- Securely Manage Remote PostgreSQL Servers with pgAdmin on Mac OS X
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This guide is published under a CC BY-ND 4.0 license.