The postgres Unix user v23.40.0

This page documents how the postgres user and its home directory are configured.

There's a separate page about how to create Postgres users in the database.

Shell configuration

TPA will install a .bashrc file and ensure that it's also included by the .profile or .bash_profile files.

It will set a prompt that includes the username and hostname and working directory, and ensure that postgres_bin_dir in in the PATH, and set PGDATA to the location of postgres_data_dir.

You can optionally specify extra_bashrc_lines to append arbitrary lines to .bashrc. (Use the YAML multi-line string syntax >- to avoid having to worry about quoting and escaping shell metacharacters.)

cluster_vars:
  extra_bashrc_lines:
  - alias la=ls\ -la
  - >-
    export PATH="$PATH":/some/other/dir

It will edit sudoers to allow sudo systemctl start/stop/reload/restart/status postgres, and also change ulimits to allow unlimited core dumps and raise the file descriptor limits.

SSH keys

TPA will use ssh-keygen to generate and install an SSH keypair for the postgres user, and edit .ssh/authorized_keys so that the instances in the cluster can ssh to each other as postgres.

TLS certificates

By default, TPA will generate a private key and a self-signed TLS certificate which are used by Postgres as the ssl_key_file and ssl_cert_file respectively. The files are named using the TPA cluster name (cluster_name.key and cluster_name.crt) and located in /etc/tpa. For more information, including how to provide your own key and certificate, see the documentation for postgresql.conf.

The size of self-signed TLS key can be modified adding the variable postgres_rsa_key_size to the cluster_vars section:

  (...)
  cluster_vars:
    postgres_rsa_key_size: 4096

Username

The postgres_user and postgres_group settings (both postgres by default) are used consistently everywhere. You can change them if you need to run Postgres as a different user for some reason.