Docker runs PostgreSQL in "trust" mode

Mamoru
August 16, 2022
158 views
0 votes
2 Answers

I am currently learning docker and trying to run a docker container with the PostgreSQL database. I managed that once, and everything seemed to work fine. After some time, I tried to run another docker container with almost identical settings, however, it didn’t go as expected. My problem is that now, whenever I try to run PostgreSQL container, initdb initializes the database in "trust" mode and accepts any connections without the password.

So far, I’ve tried running the command from the console:

docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -p 32000:5432 -d postgres:14.5-alpine

As well as running the docker-compose.yaml:

services:
  db:
    container_name: Test_container
    image: postgres:14.5-alpine
    restart: unless-stopped
    ports:
      - "32000:5432"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: mysecretpassword

Additionally, I tried ordering tags differently, different images, and different values, cleaning docker: removing all containers, images, and volumes, and even reinstalling docker, however, whenever I inspect logs of a newly created container, I get:

sh: locale: not found
2022-08-16 09:35:50.709 UTC [30] WARNING:  no usable system locales were found
performing post-bootstrap initialization ... ok
initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
syncing data to disk ... ok

One of my assumptions was that docker, for some reason, doesn’t see the password I am specifying and thus starts the database in "trust" mode, however, if I add

environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: test_db

to the docker-compose.yaml, test_db database is being created.

I’d appreciate any suggestions on how to make docker run PostgreSQL containers not in a "trust" mode as it should by default if the password is specified.

Juan González pointed out:

Note 1: The PostgreSQL image sets up trust authentication locally so you may notice a password is not required when connecting from localhost (inside the same container). However, a password will be required if connecting from a different host/container.

So, according to the docs, I updated my docker-compose.yaml file:

environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: test_db
      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
      POSTGRES_INITDB_ARGS: --auth-host=scram-sha-256

and once again tried swapping order andor removing POSTGRES_INITDB_ARGS, but database still runs in "trust" mode.

Answers

Chosen as BEST ANSWER
- Mamoru
- November 10, 2022 at 2:48 pm
- 0 votes
0
As @jjanes pointed out in the comment to my question, the solution is to add POSTGRES_INITDB_ARGS: --auth=scram-sha-256 which would set both local and host types of connections.

(Edit)

- JuanGonz225lez
- August 16, 2022 at 1:00 pm
- 0 votes
0
As stated in Postgres’ DockerHub documentation:

Note 1: The PostgreSQL image sets up trust authentication locally so you may notice a password is not required when connecting from localhost (inside the same container). However, a password will be required if connecting from a different host/container.

However, if you don’t want trust mode even in local connections, you can set the POSTGRES_HOST_AUTH_METHOD environment variable to override this behavior. More info at the documentation mentioned above.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.