Re: Error connecting for first connect upon pgAdmin start (with solution)

Thanks, I understand and have some proposal, see bellow.

On Sat, Mar 5, 2011 at 8:38 PM, Guillaume Lelarge
<guillaume(at)lelarge(dot)info> wrote:
> Le 03/03/2011 17:12, Martin Schayna a écrit :
>> Small bug + solution
>>
>> pgAdmin III 1.12.0
>> PostgreSQL 9.0
>> Ubuntu Linux 10.04
>> installed completely from Martin Pitt's PPA
>> https://launchpad.net/~pitti/+archive/postgresql, but also
>> reproducible with original Ubuntu repositories (PostgreSQL 8.4,
>> pgAdmin III 1.10.2)
>>
>> Scenario:
>>
>> 1) start pgAdmin from console: $ pgadmin3
>> 2) warning appears on console:
>>   WARNING: password file "/home/mase/.pgpass" has group or world
>> access; permissions should be u=rw (0600) or less
>
> This is right. libpq doesn't want to use .pgpass if its permissions are
> higher than 600.

Hmm... but this warning is visible only for users who run pgAdmin
from console. Most users run pgAdmin from icon, so warning is invisible
for them, misleading error message appears and they realize that saving
passwords does not functional.

All my colleagues were trapped :-) Luckily I run pgAdmin from console...

>> 3) now try to connect some server by double-clicking server node in
>> tree, error window appears and server is not connected:
>>   An error has occurred:
>>   Error connecting to the server: fe_sendauth: no password supplied
>
> Another server? or the same one?
> If the same one, it's quite right too. It cannot use the .pgpass file,
> so it cannot send a password, and you can't connect.

Same server, I have only "localhost" server defined in pgAdmin.

>> 4) subsequent tries works, until pgAdmin close
>
> Define works?

First connect is unsuccessful, the next one shows login dialog
(regardless of whether the password has been saved in .pgpass
or not), given password is saved into .pgpass (if checkbox for it
in login dialog is checked). After disconnect all subsequent
connects are successful without login dialog prompt until
pgAdmin is closed.

>> Solution:
>>
>> When I change permissions for .pgpass file as warning suggested,
>> connection error for first connect upon pgAdmin start disappears and
>> everything works like a charm. It looks like there is some lack in
>> reading passwords from .pgpass when warning is shown.
>>
>
> You need to have 600 permissions flags to be able to use the .pgpass
> file. This is a good thing that the libpq does for your security.

OK, now I understand. But first point is still valid: because of that
many users realize that saving password is non-functional.

Proposal:

Maybe, pgAdmin would check permissions on .pgpass and show
warning about that into GUI (before libpq refuses it).

Martin Schayna

>> Keep up good work, guys!
>
> Thanks.
>
>
> --
> Guillaume
>  http://www.postgresql.fr
>  http://dalibo.com
>