Using passwordless PostgreSQL login with ownCloud


CryptoKeyI like PostgreSQL and ownCloud, but I do not like passwords, especially if they have to stored in plain text in a widely readable configuration file. So, I wanted to use PostgreSQL peer authentication with ownCloud as well.

As root, do the following:

# su postgres -c psql
psql (9.1.9)
Type "help" for help.
postgres=#

(If you do not have peer authentication enabled for all users, you need to enter a password.)

Create the user www-data, [1]If your Web server runs under a different user name, replace all occurrences of “www-data” in this document with that name. (note that it needs quoting, as it contains a hyphen).

postgres=# create role "www-data";
CREATE ROLE

Create the new database, granting ownership (and thus all rights) to www-data:

postgres=# create database "owncloud" owner "www-data";
CREATE DATABASE

As the database server is now ready, we install ownCloud and visit its start page in your favorite web browser (typically, along the lines of https://example.org/owncloud/ ).

ownCloud with PostgreSQL peer authentication

  1. Fill in the desired admin account name and password.
  2. Expand the “Advanced” view and select PostgreSQL.
  3. Set the database user to www-data.
  4. Leave the database password empty (there is none, and it will not be needed).
  5. Set the database name to owncloud.
  6. Set the host name to /var/run/postgresql .

Peer authentication would work automagically, if the host name could be left empty: PostgreSQL clients would connect using the local Unix domain socket. Unfortunately, ownCloud insist on a non-empty host name. However, a path to the Unix domain socket (or, as in this case, it’s container directory) causes PostgreSQL to use the Unix domain socket. On Ubuntu, this is /var/run/postgresql; on other Linux distributions, this may vary, look for “unix_socket_directory” in /etc/postgresql/<version>/main/postgresql.conf .

Image credit: The key logo on this page was adapted from Wikimedia user MesserWoland‘s Crypto Key, which is licensed under CC BY-SA 3.0, among others.

,

Let’s stay in touch!

Receive a mail whenever I publish a new post.

About 1-2 Mails per month, no Spam.

Follow me on the Fediverse

Netfuture: The future is networked
Netfuture: The future is networked
@blog@netfuture.ch

The future of networking

206 posts
6 followers

Web apps


Leave a Reply

Only people in my network can comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)