The postgres Unix user v23.40.0
This page documents how the postgres user and its home directory are configured.
There's a separate page about how to create Postgres users in the database.
Shell configuration
TPA will install a .bashrc file and ensure that it's also included
by the .profile or .bash_profile files.
It will set a prompt that includes the username and hostname and working
directory, and ensure that postgres_bin_dir in in the PATH, and set
PGDATA to the location of postgres_data_dir.
You can optionally specify extra_bashrc_lines to append arbitrary
lines to .bashrc. (Use the YAML multi-line string syntax >- to avoid
having to worry about quoting and escaping shell metacharacters.)
cluster_vars: extra_bashrc_lines: - alias la=ls\ -la - >- export PATH="$PATH":/some/other/dir
It will edit sudoers to allow
sudo systemctl start/stop/reload/restart/status postgres, and also
change ulimits to allow unlimited core dumps and raise the file
descriptor limits.
SSH keys
TPA will use ssh-keygen to generate and install an SSH keypair for
the postgres user, and edit .ssh/authorized_keys so that the instances
in the cluster can ssh to each other as postgres.
TLS certificates
By default, TPA will generate a private key and a self-signed TLS
certificate which are used by Postgres as the ssl_key_file and
ssl_cert_file respectively. The files are named using the TPA cluster
name (cluster_name.key and cluster_name.crt) and located in
/etc/tpa. For more information, including how to provide your own
key and certificate, see the documentation for
postgresql.conf.
The size of self-signed TLS key can be modified adding the variable postgres_rsa_key_size
to the cluster_vars section:
(...) cluster_vars: postgres_rsa_key_size: 4096
Username
The postgres_user and postgres_group settings (both postgres by
default) are used consistently everywhere. You can change them if you
need to run Postgres as a different user for some reason.