Skip to content

How could my postgres user password get changed or lost? #896

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sscots opened this issue Oct 14, 2021 · 5 comments
Closed

How could my postgres user password get changed or lost? #896

sscots opened this issue Oct 14, 2021 · 5 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@sscots
Copy link

sscots commented Oct 14, 2021

My postgres container will build and fire up properly and work for a couple days or so but then randomly I'll start getting
"password authentication failed for user "postgres", Password does not match for user "postgres""

My docker-compose:

           postgres:
                  image: postgres:13.1
                  restart: always
                  environment:
                      - POSTGRES_PASSWORD=123
                      - PGDATA=/var/lib/postgresql/data/pgdata
                  ports:
                      - 5432:5432
                  volumes:
                    - ./postgres_data:/var/lib/postgresql

How is that possible? It has to do with something in the pgdata dir correct?
@wglambert
Copy link

It's possible that because the container is exposed to the Internet and has a weak password that it could have been compromised. #817 But there's nothing inherent to the image or Postgres itself that would change authentication credentials automatically

@sscots
Copy link
Author

sscots commented Oct 14, 2021

Is there any easy way to reset it outside of destroying everything?

Right now I have to run "docker system prune" and rebuild everything to get it to work again, but I lose the state of my database.

@wglambert wglambert added the question Usability question, not directly related to an error with the image label Oct 14, 2021
@wglambert
Copy link

wglambert commented Oct 14, 2021
edited
Loading

You could try a workaround to get passwordless access by editing /var/lib/postgresql/data/pg_hba.conf

I would also check running processes in the container to see if there's anything that doesn't belong (you'd want the procps package installed and then do a ps aux to see the processes)

@yosifkit
Copy link
Member

Definitely drop the ports: section to prevent further external actors. You can access without password or any changes by using a local connection (i.e. within the container); so docker exec --user postgres [contianer-name] psql should work.

(Also, as @wglambert mentioned, make sure they haven't taken anything sensitive or left anything nefarious. Though if they added anything to the postgres container outside of the volume, then a replacing it with of a new container using the same volume would delete all that).

@wglambert
Copy link

Going to close since this seems resolved and isn't an issue with the image

If you want further help you could also try asking over at the Docker Community Forums, Docker Community Slack, or Stack Overflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yosifkit @sscots @wglambert