Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sx9yj-008J1q-4K for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 18:58:09 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sx9yg-003erO-O3 for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 18:58:06 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sx9yg-003enB-Ba for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 18:58:06 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sx9yd-002gCd-TU for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 18:58:05 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 495IvxG91062815; Sat, 5 Oct 2024 14:57:59 -0400 From: Tom Lane To: Matt Zagrabelny cc: Adrian Klaver , "David G. Johnston" , "pgsql-generallists.postgresql.org" Subject: Re: grant connect to all databases In-reply-to: References: <0c089041-d4eb-4bf4-bfcb-6451224190c9@aklaver.com> Comments: In-reply-to Matt Zagrabelny message dated "Sat, 05 Oct 2024 13:24:47 -0500" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1062813.1728154679.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Sat, 05 Oct 2024 14:57:59 -0400 Message-ID: <1062814.1728154679@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Matt Zagrabelny writes: > ...but I still cannot connect: > $ psql -d test -U alice > psql: error: connection to server on socket > "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: permission denied fo= r > database "test" > DETAIL: User does not have CONNECT privilege. This shouldn't be happening, since as mentioned upthread our default for newly-created databases is that they have CONNECT granted to PUBLIC. It works fine for me, even for a user with no special permissions: postgres=3D# create user alice; CREATE ROLE postgres=3D# create database test; CREATE DATABASE postgres=3D# \c test alice You are now connected to database "test" as user "alice". If I explicitly revoke the privilege, I can duplicate your results: test=3D> \c postgres postgres You are now connected to database "postgres" as user "postgres". postgres=3D# revoke connect on database test from public; REVOKE postgres=3D# \c test alice connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL: permis= sion denied for database "test" DETAIL: User does not have CONNECT privilege. I wonder if your puppet recipe is revoking that behind your back, or if you are using some modified version of Postgres with different ideas about default privileges. Looking at psql \l output for the test DB might be informative. regards, tom lane