PostgreSQL, also known as Postgres, is an open-source general-purpose object-relational database management system. It has many powerful features such as online backups, point in time recovery, nested transactions, SQL and JSON querying, multi-version concurrency control (MVCC), asynchronous replication, and more. PostgreSQL has been used in various popular projects. It is among the list of most popular and widely used databases.
This tutorial walks you through the steps of installing the PostgreSQL database server on Debian 10. We’ll also explore the fundamentals of basic database administration.
Table of Contents
PostgreSQL Installation
At the time of writing this article, the latest version of PostgreSQL available from the default Debian repositories is PostgreSQL version 11.5.
To install PostgreSQL on your Debian server perform the following steps as root or user with
Start by updating the APT package index:
Install the PostgreSQL server and
sudo apt install postgresql postgresql-contribOnce the installation is complete, the PostgreSQL service will start. To verify the installation, use the psql tool to print the server version:
sudo -u postgres psql -c "SELECT version();"Once the installation is complete, the PostgreSQL service will start. To verify the installation, use the psql tool to print the server version:
sudo -u postgres psql -c "SELECT version();"The output should look something like the following:
PostgreSQL 11.5 (Debian 11.5-1+deb10u1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
psql is an interactive terminal program that allows you to interact with the PostgreSQL server.
PostgreSQL Roles and Authentication Methods
PostgreSQL handles database access permissions using the concept of roles. Depending on how you set up the role, it can represent a database user or a group of database users.
PostgreSQL supports several authentication methods. The most frequently used methods are:
- Trust – A role can connect without a password, as long as the criteria defined in
the pg_hba.confare met. - Password – A role can connect by providing a password. The passwords can be stored as
scram-sha-256md5andpassword(clear-text) - Ident – Only supported for TCP/IP connections. It works by obtaining
the client’s operating system user name, with an optional user name mapping. - Peer – Same as Ident, but it is only supported on local connections.
PostgreSQL client authentication is defined in the configuration file named pg_hba.conf. For local connections, PostgreSQL is set to use the peer authentication method.
The “
To log in to the PostgreSQL server as “psql utility:
sudo su - postgres
psqlFrom here you can interact with the PostgreSQL server. To exit out of the PostgreSQL shell type:
\qYou can use the sudo command to access the PostgreSQL prompt without switching users:
sudo -u postgres psqlThe postgres user is typically used only from the localhost.
Creating PostgreSQL Role and Database
The createuser command allows you to create new roles from the command line. Only superusers and roles with CREATEROLE privilege can create new roles.
In the following example, we’ll create a new role kylokylodb
First, create the role by issuing the following command:
sudo su - postgres -c "createuser kylo"Next, create the database using the createdb command:
sudo su - postgres -c "createdb kylodb"To grant permissions to the user on the database, connect to the PostgreSQL shell:
sudo -u postgres psqlRun the following query:
grant all privileges on database kylodb to kylo;Enable Remote Access to the PostgreSQL Server
By default, the PostgreSQL, server listens only on the local interface 127.0.0.1.
If you want to connect to the PostgreSQL server from remote locations, you need to set the server to listen on the public interface and edit the configuration to accept remote connections.
Open the configuration postgresql.conflisten_addresses = '*' the sectionCONNECTIONS AND AUTHENTICATION. This instruct the server to listen on all network interfaces.
sudo nano /etc/postgresql/11/main/postgresql.confEdit the file as shown below.
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;Save the file and restart the PostgreSQL service for changes to take effect:
sudo service postgresql restartVerify the changes with the ss utility:
ss -nlt | grep 5432LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 [::]:5432 [::]:*The output should show that the PostgreSQL server listens on all interfaces (0.0.0.0).
The last step is to configure the server to accept remote logins by editing the pg_hba.conf file.
Below are some examples showing different use cases:
# TYPE DATABASE USER ADDRESS METHOD
# The user jane will be able to access all databases from all locations using an md5 password
host all jane 0.0.0.0/0 md5
# The user jane will be able to access only the janedb from all locations using an md5 password
host janedb jane 0.0.0.0/0 md5
# The user jane will be able to access all databases from a trusted location (192.168.1.134) without a password
host all jane 192.168.1.134 trustConclusion
We’ve shown you how to install and configure PostgreSQL on Debian 10. For more information on this topic, consult the PostgreSQL Documentation.