PostgreSQL - ArchWiki
PostgreSQL is an open source, community driven, standard compliant object-relational database system.
Installation
Warning: See #Upgrading PostgreSQL for necessary steps before upgrading to new versions of the PostgreSQL packages.
Install the postgresql package. It will also create a system user called postgres. You can now switch to the postgres user using a privilege elevation program.
Initial configuration
Before PostgreSQL can function correctly, the database cluster must be initialized:
[postgres]$ initdb -D /var/lib/postgres/data
Where -D is the default location where the database cluster must be stored (see #Change default data directory if you want to use a different one).
initdb accepts a number of extra arguments:
This article or section needs expansion. Reason: PostgreSQL also supports ICU locales. [1]
By default, the locale and the encoding for the database cluster are derived from your current environment (using $LANG value). If this is not what you want, you can override the defaults using --locale=locale (where locale is to be chosen amongst the system's available locales) and --encoding=encoding (which must match the chosen locale). (Once the database is up, you can check which values were used with [postgres]$ psql -l.)
Note: Using a locale other than C.UTF-8, POSIX or ucs_basic can result in a collation version mismatch that will require reindexing if the library providing the locale (glibc or icu) gets updated.
If your data directory resides on a file system without data checksumming, you may wish to enable PostgreSQL's built-in checksumming for increased integrity guarantees - add the --data-checksums argument to do so. Read #Enable data checksumming for more information. (Once the database is up, you can check if it is enabled with [postgres]$ psql --tuples-only -c "SHOW data_checksums".)
Note: The /var/lib/postgres/data/ directory has the No_COW file attribute set. [2] This disables checksumming in Btrfs.
The trust authentication method is used by default, meaning that anyone on the host can connect as any database user. You can use --auth-local=peer --auth-host=scram-sha-256 for safer authentication methods.
The -c/--set option can be used to set any postgresql.conf parameter, avoiding the need to manually edit postgresql.conf.
For more options, see initdb --help and official documentation.
Example:
[postgres]$ initdb --locale=C.UTF-8 --encoding=UTF8 -D /var/lib/postgres/data --data-checksums
Many lines should now appear on the screen, with several ending in ... ok:
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "C.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are enabled.
creating directory /var/lib/postgres/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgres/data -l logfile start
If these are the kind of lines you see, then the process succeeded. Return to the regular user using exit.
Warning: To read more about this initdb warning, see #Restricts access rights to the database superuser by default.
If the database resides on a Btrfs file system, you should consider disabling Copy-on-Write for the directory before creating any database.
If the database resides on a ZFS file system, you should consult ZFS#Databases before creating any database.
Tip: If you change the root to something other than /var/lib/postgres, you will have to edit the service file. If the root is under , make sure to set ProtectHome to false.
Finally, start and enable the postgresql.service.
Create your first database/user
Tip: If you create a PostgreSQL role/user with the same name as your Linux username, you can access the PostgreSQL database shell without having to specify a user to log in (which makes it quite convenient).
Become the postgres user. Add a new database role/user using the createuser command:
[postgres]$ createuser --interactive
Create a new database over which the above user has read/write privileges using the createdb command (execute this command from your login shell if the database user has the same name as your Linux user, otherwise add -O database-username to the following command):
$ createdb myDatabaseName
Tip: If you did not grant your new user database creation privileges, add -U postgres to the previous command.
Familiarize with PostgreSQL
Access the database shell
Become the postgres user. Start the primary database shell, psql, where you can do all your creation of databases/tables, deletion, set permissions, and run raw SQL commands. Use the -d option to connect to the database you created (without specifying a database, psql will try to access a database that matches your username).
[postgres]$ psql -d myDatabaseName
Some helpful commands:
Get help:
=> \help
List all databases:
=> \l
Connect to a particular database:
=> \c database
List all users and their permission levels:
=> \du
Show summary information about all tables in the current database:
=> \dt
Exit/quit the psql shell:
=> \q
or press Ctrl+d.
There are of course many more meta-commands, but these should help you get started. To see all meta-commands run:
=> \?
Optional configuration
The PostgreSQL database server configuration file is postgresql.conf. This file is located in the data directory of the server, typically /var/lib/postgres/data. This folder also houses the other main configuration files, including pg_hba.conf, which defines authentication settings for both local users and other hosts.
Note: By default, this folder will not be browsable or searchable by a regular user. This is why find and locate are not finding the configuration files.
Restricts access rights to the database superuser by default
The default pg_hba.conf allows any local user to connect as any database user, including the database superuser. This is likely not what you want, so in order to restrict global access to the postgres user, change the following line:
/var/lib/postgres/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
To:
/var/lib/postgres/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all postgres peer
You might later add additional lines depending on your needs or those of your software.
Require password for login
Edit /var/lib/postgres/data/pg_hba.conf and set the authentication method for each user (or all to affect all users) to scram-sha-256:
/var/lib/postgres/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all user scram-sha-256
Note: Changing the authentication method in pg_hba.conf does not update the hashed passwords stored in the database [3]. To migrate from md5 to scram-sha-256, you need to set a new password for each database user.
Restart postgresql.service, and then re-add each user's password using ALTER USER user WITH ENCRYPTED PASSWORD 'password';
Configure PostgreSQL to be accessible exclusively through UNIX Sockets
When initially creating the cluster, append -c listen_addresses='' to the initdb command.
For an existing cluster, edit postgresql.conf and in the connections and authentication section set:
/var/lib/postgres/data/postgresql.conf
listen_addresses = ''
This will disable network listening completely. After this you should restart postgresql.service for the changes to take effect.
Configure PostgreSQL to be accessible from remote hosts
In the connections and authentications section, set the listen_addresses line to your needs:
/var/lib/postgres/data/postgresql.conf
listen_addresses = 'localhost,my_local_ip_address'
You can use '*' to listen on all available addresses.
Note: PostgreSQL uses TCP port 5432 by default for remote connections. Make sure this port is open in your firewall and able to receive incoming connections. You can also change it in the configuration file, right below listen_addresses.
Then add a line like the following to the authentication config:
/var/lib/postgres/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all ip_address/32 scram-sha-256
where ip_address is the IP address of the remote client.
See the documentation for pg_hba.conf.
The factual accuracy of this article or section is disputed. Reason: The official documentation says that md5 uses challenge-response authentication which "prevents password sniffing". Perhaps it should not be considered as insecure as sending the password in clear-text.
Note: Neither sending your plain password nor the md5 hash over the Internet is secure if it is not done over an SSL-secured connection. See Secure TCP/IP Connections with SSL for how to configure PostgreSQL with SSL.
After this you should restart postgresql.service for the changes to take effect.
For troubleshooting take a look in the server log file:
# journalctl -u postgresql.service
Configure PostgreSQL to authenticate against PAM
PostgreSQL offers a number of authentication methods. If you would like to allow users to authenticate with their system password, additional steps are necessary. First you need to enable PAM for the connection.
For example, the same configuration as above, but with PAM enabled:
/var/lib/postgres/data/pg_hba.conf
# IPv4 local connections:
host all all my_remote_client_ip_address/32 pam
The PostgreSQL server is however running without root privileges and will not be able to access /etc/shadow. We can work around that by allowing the postgres group to access this file:
# setfacl -m g:postgres:r /etc/shadow
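The authentication sections above (trust versus peer, scram-sha-256, remote host records over SSL, and pam) all come down to what each pg_hba.conf record permits. The following is an added example, not part of the ArchWiki page: a shell/awk audit that flags records using trust, password or md5, password-based host records that do not require SSL, and records matching every client address. The function names and the sample file are constructed for illustration; it assumes one record per line with no quoted fields and no include directives.

```sh
#!/bin/sh
# Added example (not from the ArchWiki page): audit pg_hba.conf records.
# Assumptions: one record per line, no quoted fields, no include directives.

audit_hba() {   # pg_hba.conf text on stdin -> "LINE: finding: record" on stdout
    awk '
    function report(msg) { printf "%d: %s: %s\n", NR, msg, rec }
    {
        sub(/#.*/, "")              # strip comments
        if (NF == 0) next           # blank or comment-only line
        $1 = $1; rec = $0           # normalise whitespace for display
        type = $1
        if (type == "local") {      # local records have no ADDRESS column
            addr = ""; method = $4
        } else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
            addr = $4 "/" $5; method = $6   # address and netmask as two fields
        } else {
            addr = $4; method = $5          # CIDR, host name or keyword
        }
        loopback = (addr ~ /^127\./ || addr ~ /^::1(\/|$)/ || addr == "samehost")
        password_based = (method == "password" || method == "md5" ||
                          method == "scram-sha-256" || method == "pam")

        if (method == "trust")
            report("trust lets any matching client connect as the listed user")
        if (method == "password")
            report("password is sent in clear text")
        if (method == "md5")
            report("md5 is the legacy method, set new passwords and use scram-sha-256")
        # "host" matches both SSL and non-SSL connections; "hostssl" only SSL.
        if ((type == "host" || type == "hostnossl") && password_based && !loopback)
            report("password-based record does not require SSL, use hostssl")
        if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
            report("record matches every client address")
    }'
}

sample_hba() {  # constructed sample, not a real configuration
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       all                        trust
local   all       postgres                   peer
host    all       all       127.0.0.1/32     scram-sha-256
host    all       all       192.0.2.10/32    md5
hostssl all       app       192.0.2.20/32    scram-sha-256
host    all       all       0.0.0.0/0        pam
EOF
}

sample_hba | audit_hba
```

To check a live cluster, run audit_hba < /var/lib/postgres/data/pg_hba.conf as a user that can read the data directory.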
Change default data directory
The default directory where all your newly created databases will be stored is /var/lib/postgres/data. To change this, follow these steps:
Create the new directory and make the postgres user its owner:
# mkdir -p /pathto/pgroot/data
# chown -R postgres:postgres /pathto/pgroot
Become the postgres user, and initialize the new cluster:
[postgres]$ initdb -D /pathto/pgroot/data
Edit postgresql.service to create a drop-in file and override the Environment and PIDFile settings. For example:
/etc/systemd/system/postgresql.service.d/PGROOT.conf
[Service]
Environment=PGROOT=/pathto/pgroot
PIDFile=/pathto/pgroot/data/postmaster.pid
If you want to use the /home directory for the default directory or for tablespaces, add one more line in this file:
ProtectHome=false
Change default encoding of new databases to UTF-8
Note: If you ran initdb with -E UTF8 or while using a UTF-8 locale, these steps are not required.
When creating a new database (e.g. with createdb blog) PostgreSQL actually copies a template database. There are two predefined templates: template0 is vanilla, while template1 is meant as an on-site template changeable by the administrator and is used by default. In order to change the encoding of a new database, one of the options is to change the on-site template1. To do this, log into the PostgreSQL shell (psql) and execute the following:
First, we need to drop template1. Templates cannot be dropped, so we first modify it so it is an ordinary database:
UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';
Now we can drop it:
DROP DATABASE template1;
The next step is to create a new database from template0, with a new default encoding:
CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE';
Now modify template1 so it is actually a template:
UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1';
Optionally, if you do not want anyone connecting to this template, set datallowconn to FALSE:
UPDATE pg_database SET datallowconn = FALSE WHERE datname = 'template1';
Note: This last step can create problems when upgrading via pg_upgrade.
Now you can create a new database:
[postgres]$ createdb blog
If you log back in to psql and check the databases, you should see the proper encoding of your new database:
\l
List of databases
Name | Owner | Encoding | Collation | Ctype | Access privileges
-----------+----------+-----------+-----------+-------+----------------------
blog | postgres | UTF8 | C | C |
postgres | postgres | SQL_ASCII | C | C |
template0 | postgres | SQL_ASCII | C | C | =c/postgres
: postgres=CTc/postgres
template1 | postgres | UTF8 | C | C |
Enable data checksumming
This article or section is out of date. Reason: Data checksums are enabled by default since PostgreSQL 18. The --no-data-checksums option can be used to disable data checksums when running initdb.
If your database files reside on a file system without checksumming, its data is susceptible to silent data corruption due to bit rot and broken hardware. While those events are rare, you might want to enable PostgreSQL's built-in data checksumming if you care about data integrity. This feature must be enabled on the cluster level, not per-database or per-table.
Note: This feature has a number of caveats:
There is a minimal performance impact, especially while reading large datasets from disk. In-memory operations are not affected.
PostgreSQL is unable to repair corrupt data - it will only abort transactions reading from corrupt pages to prevent further damage or invalid execution results.
Checksums cover on-disk data (row) pages only, not metadata or control structures. In-memory pages are not checksummed. Error-corrected storage and ECC memory are still beneficial.
To enable checksumming during cluster creation, add the --data-checksums argument to initdb.
To verify whether checksumming is enabled, run [postgres]$ psql --tuples-only -c "SHOW data_checksums" (which should print off or on).
To toggle checksumming on an existing cluster:
Stop postgresql.service.
Run [postgres]$ pg_checksums --pgdata /var/lib/postgres/data --enable (or --disable if you no longer want checksumming). Enabling checksums will rewrite all database pages, which will take a while for large database instances.
Start postgresql.service.
Graphical tools
phpPgAdmin — Web-based administration tool for PostgreSQL. || phppgadmin AUR
pgAdmin-desktop — The desktop user interface for pgAdmin, a comprehensive design and management GUI for PostgreSQL. || pgadmin4-desktop AUR
pgAdmin — Comprehensive design and management GUI for PostgreSQL. || pgadmin4 AUR
pgModeler — Graphical schema designer for PostgreSQL. || pgmodeler AUR
Postbird — Cross-platform PostgreSQL GUI client, written in JavaScript, runs with Electron. || postbird-bin AUR
rainfrog — Database management TUI for Postgres. || rainfrog
pgweb — Cross-platform Web client for PostgreSQL databases. || pgweb-bin AUR
For tools supporting multiple DBMSs, see List of applications/Documents#Database tools.
Set up backups
It is recommended to set up backups for databases containing valuable data. See the Backup and Restore chapter in the PostgreSQL documentation. There is also a list of backup tools in the PostgreSQL wiki, though it may not be up-to-date or complete. Remember that a backup system cannot be trusted unless you perform a test restore from time to time!
Upgrading PostgreSQL
This article or section needs expansion. Reason: How to upgrade when using third party extensions?
Upgrading major PostgreSQL versions (e.g. version 14.x to version 15.y) requires some extra maintenance.
Note: Official PostgreSQL upgrade documentation should be followed.
Warning: The following instructions could cause data loss. Do not run the commands below blindly, without understanding what they do. Make a backup first.
Get the currently used database version via
# cat /var/lib/postgres/data/PG_VERSION
To ensure you do not accidentally upgrade the database to an incompatible version, it is recommended to skip updates to the PostgreSQL packages.
Minor version upgrades are safe to perform. However, if you do an accidental upgrade to a different major version, you might not be able to access any of your data. Always check the PostgreSQL home page to be sure of what steps are required for each upgrade. For a bit about why this is the case, see the versioning policy.
Note: If you use extensions check #PostgreSQL database unable to start after package update when using extensions and #Failing to start a PostgreSQL server with the older version of the database while upgrading to the newer version with extensions.
There are two main ways to upgrade your PostgreSQL database. Read the official documentation for details.
pg_upgrade
The pg_upgrade utility attempts to copy over as much compatible data as possible between clusters and upgrades everything else. It is generally the fastest method to upgrade most instances, although it requires access to binaries for both source and target PostgreSQL versions. Read the pg_upgrade(1) man page to understand what actions it performs. For non-trivial instances (e.g. with streaming replication or log-shipping), read the upstream documentation first.
For those wishing to use pg_upgrade, a postgresql-old-upgrade package is available that will always run one major version behind the real PostgreSQL package. This can be installed side-by-side with the new version of PostgreSQL. To upgrade from older versions of PostgreSQL there are AUR packages available, e.g. postgresql-12-upgrade AUR. (You must use the pg_upgrade version packaged with the PostgreSQL version you are upgrading to.) If using PostGIS, install postgis-old-upgrade AUR.
Note that the database cluster directory does not change from version to version, so before running pg_upgrade, it is necessary to rename your existing data directory and migrate into a new directory. The new database cluster must be initialized using the same parameters as the old one.
When you are ready to begin the upgrade:
While the old database cluster is still online, collect the initdb arguments used to create it. Refer to #Initial configuration for more information.
Stop postgresql.service. Check the unit status to be sure that PostgreSQL was stopped correctly. If it failed, pg_upgrade will fail with The source cluster was not shut down cleanly.
Upgrade postgresql, postgresql-libs, and postgresql-old-upgrade.
Make sure that /var/lib/postgres/olddata does not exist. If you did not delete it after a previous upgrade, do it now.
Rename the old cluster directory, then create a new cluster and temporary working directory:
# mv /var/lib/postgres/data /var/lib/postgres/olddata
# mkdir /var/lib/postgres/data /var/lib/postgres/tmp
# chown postgres:postgres /var/lib/postgres/data /var/lib/postgres/tmp
[postgres]$ cd /var/lib/postgres/tmp
Initialize the new cluster using the same initdb arguments as were used for the old cluster:
[postgres]$ initdb -D /var/lib/postgres/data --locale=C.UTF-8 --encoding=UTF8 --data-checksums
Upgrade the cluster, replacing PG_VERSION below with the old PostgreSQL version number (e.g. 15):
[postgres]$ pg_upgrade -b /opt/pgsql-PG_VERSION/bin -B /usr/bin -d /var/lib/postgres/olddata -D /var/lib/postgres/data
Tip: On file systems that support reflinks (e.g. Btrfs and XFS), append the --clone option to speed up file copying.
If necessary, adjust the configuration files of the new cluster (e.g. pg_hba.conf and postgresql.conf) to match the old cluster.
Start postgresql.service again.
Optional: Run [postgres]$ vacuumdb --all --analyze-in-stages to recalculate query analyzer statistics, which should improve query performance shortly after the upgrade. (Adding the --jobs=NUMBER_OF_CPU_CORES argument may improve this command's performance.)
Optional: Back up the /var/lib/postgres/olddata directory in case you need to restore a previous PostgreSQL version.
Delete the /var/lib/postgres/olddata directory with old cluster data.
Delete the /var/lib/postgres/tmp directory.
If you use pgbackrest, run the stanza-upgrade command.
Manual dump and reload
You could also do something like this (after the upgrade and install of postgresql-old-upgrade).
Note: Below are the commands for upgrading from PostgreSQL 14. You can find similar commands in /opt/ for your version of PostgreSQL cluster, provided you have a matching version of the postgresql-old-upgrade package installed.
If you had customized your pg_hba.conf file, you may have to temporarily modify it to allow full access to the old database cluster from the local system. After the upgrade is complete, apply your customization to the new database cluster as well and restart postgresql.service.
Stop postgresql.service.
# mv /var/lib/postgres/data /var/lib/postgres/olddata
# mkdir /var/lib/postgres/data
# chown postgres:postgres /var/lib/postgres/data
[postgres]$ initdb -D /var/lib/postgres/data --locale=C.UTF-8 --encoding=UTF8 --data-checksums
[postgres]$ /opt/pgsql-14/bin/pg_ctl -D /var/lib/postgres/olddata/ start
# cp /usr/lib/postgresql/postgis-3.so /opt/pgsql-14/lib/ # Only if postgis installed
[postgres]$ pg_dumpall -h /tmp -f /tmp/old_backup.sql
[postgres]$ /opt/pgsql-14/bin/pg_ctl -D /var/lib/postgres/olddata/ stop
Start postgresql.service.
[postgres]$ psql -f /tmp/old_backup.sql postgres
Troubleshooting
Improve performance of small transactions
If you are using PostgreSQL on a local machine for development and it seems slow, you could try turning synchronous_commit off in the configuration. Beware of the caveats, however.
/var/lib/postgres/data/postgresql.conf
synchronous_commit = off
PostgreSQL database unable to start after package update when using extensions
The cause in this case is usually that the existing extension package is not compiled for the newer version (even though it may be up-to-date). The solution is rebuilding the package, either manually or by waiting for an update to the extension package.
Failing to start a PostgreSQL server with the older version of the database while upgrading to the newer version with extensions
This is caused because the old version of postgres from the package postgresql-old-upgrade does not have the required extensions (.so files) in its lib directory. The current solution is dirty, and might cause a lot of problems, so keep a backup of the database just in case. Basically, back up /usr/lib/postgresql/ or individual .so files to a separate, temporary location, upgrade postgresql-old-upgrade, postgresql etc. and then restore the previously backed up files into /opt/pgsql-XX/lib/ (remember to replace XX with the major version of postgresql-old-upgrade).
For example, for vectorchord:
# mkdir /tmp/pgsql_update
# cp -a /usr/lib/postgresql/vchord.so*.so /tmp/pgsql_update
# pacman -Syu
# cp -a /tmp/pgsql_update/*.so /opt/pgsql-17/lib/
Warning: While copying the .so files was enough for me, it might be required to copy more files to the correct directories under /opt/pgsql-XX. To know the exact files to copy, check the content of the package of the extension using:
$ pacman -Ql package_name
Warning: This is a very dirty solution that may break or cause data loss in the database, so keep a backup.
WARNING: database "postgres" has a collation version mismatch
You might see something like this:
WARNING: database "postgres" has a collation version mismatch
DETAIL: The database was created using collation version X.YY, but the operating system provides version X.ZZ.
HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.
That means the collation provider library (glibc or icu) was updated, which might have made some indexes invalid, so those databases need to be reindexed.
You can do that with:
[postgres]$ psql -c 'REINDEX DATABASE' postgres
[postgres]$ psql -c 'ALTER DATABASE postgres REFRESH COLLATION VERSION'
Repeat the above for all other databases, replacing postgres with the respective database name.
Tip: This issue can be avoided by using the C.UTF-8, POSIX or ucs_basic locale for the database cluster.