Using passwordless PostgreSQL login with ownCloud


CryptoKeyI like PostgreSQL and ownCloud, but I do not like passwords, especially if they have to stored in plain text in a widely readable configuration file. So, I wanted to use PostgreSQL peer authentication with ownCloud as well.

As root, do the following:

# su postgres -c psql
psql (9.1.9)
Type "help" for help.
postgres=#

(If you do not have peer authentication enabled for all users, you need to enter a password.)

Create the user www-data, [1]If your Web server runs under a different user name, replace all occurrences of “www-data” in this document with that name. (note that it needs quoting, as it contains a hyphen).

postgres=# create role "www-data";
CREATE ROLE

Create the new database, granting ownership (and thus all rights) to www-data:

postgres=# create database "owncloud" owner "www-data";
CREATE DATABASE

As the database server is now ready, we install ownCloud and visit its start page in your favorite web browser (typically, along the lines of https://example.org/owncloud/ ).

ownCloud with PostgreSQL peer authentication

  1. Fill in the desired admin account name and password.
  2. Expand the “Advanced” view and select PostgreSQL.
  3. Set the database user to www-data.
  4. Leave the database password empty (there is none, and it will not be needed).
  5. Set the database name to owncloud.
  6. Set the host name to /var/run/postgresql .

Peer authentication would work automagically, if the host name could be left empty: PostgreSQL clients would connect using the local Unix domain socket. Unfortunately, ownCloud insist on a non-empty host name. However, a path to the Unix domain socket (or, as in this case, it’s container directory) causes PostgreSQL to use the Unix domain socket. On Ubuntu, this is /var/run/postgresql; on other Linux distributions, this may vary, look for “unix_socket_directory” in /etc/postgresql/<version>/main/postgresql.conf .

Image credit: The key logo on this page was adapted from Wikimedia user MesserWoland‘s Crypto Key, which is licensed under CC BY-SA 3.0, among others.

,

Let’s stay in touch!

Receive a mail whenever I publish a new post.

About 1-2 Mails per month, no Spam.

Follow me on the Fediverse

Web apps


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.