How could my postgres user password get changed or lost?

[sscots]

My postgres container will build and fire up properly and work for a couple days or so but then randomly I'll start getting
"password authentication failed for user "postgres", Password does not match for user "postgres""

My docker-compose:

           postgres:
                  image: postgres:13.1
                  restart: always
                  environment:
                      - POSTGRES_PASSWORD=123
                      - PGDATA=/var/lib/postgresql/data/pgdata
                  ports:
                      - 5432:5432
                  volumes:
                    - ./postgres_data:/var/lib/postgresql

How is that possible? It has to do with something in the pgdata dir correct?

[wglambert]

It's possible that because the container is exposed to the Internet and has a weak password that it could have been compromised. #817 But there's nothing inherent to the image or Postgres itself that would change authentication credentials automatically

[sscots]

Is there any easy way to reset it outside of destroying everything?

Right now I have to run "docker system prune" and rebuild everything to get it to work again, but I lose the state of my database.

[wglambert]

You could try a workaround to get passwordless access by editing /var/lib/postgresql/data/pg_hba.conf

I would also check running processes in the container to see if there's anything that doesn't belong (you'd want the procps package installed and then do a ps aux to see the processes)

[yosifkit]

Definitely drop the ports: section to prevent further external actors. You can access without password or any changes by using a local connection (i.e. within the container); so docker exec --user postgres [contianer-name] psql should work.

(Also, as @wglambert mentioned, make sure they haven't taken anything sensitive or left anything nefarious. Though if they added anything to the postgres container outside of the volume, then a replacing it with of a new container using the same volume would delete all that).

[wglambert]

Going to close since this seems resolved and isn't an issue with the image

If you want further help you could also try asking over at the Docker Community Forums, Docker Community Slack, or Stack Overflow