How to install and setup PostgreSQL on Ubuntu?

1. Installation Steps for PostgreSQL on Ubuntu

1.1 Update the Package List

• Open a terminal and run the following command to ensure your package list is up-to-date:

  sudo apt update

1.2 Install PostgreSQL

• Use the following command to install PostgreSQL:

  sudo apt install postgresql postgresql-contrib

1.3 Verify Installation

• Check the PostgreSQL service status to ensure it is running:

  sudo systemctl status postgresql

• You should see a message indicating that PostgreSQL is active and running.

1.4 Access PostgreSQL

• Switch to the PostgreSQL user account:

  sudo -i -u postgres

  • The command sudo -i -u postgres is used to temporarily switch to the postgres user account, which is the default administrative user for PostgreSQL.

• Access the PostgreSQL prompt by typing:

  psql

1.5 Create a New Database (Optional)

• To create a new database, use the following command within the PostgreSQL prompt:

  CREATE DATABASE your_database_name;

1.6 Exit PostgreSQL

• To exit the PostgreSQL prompt, type:

  \q

1.7 Enable Remote Access (Optional)

To enable remote access, follow these steps:

s1: Open the PostgreSQL configuration file located at /etc/postgresql//main/postgresql.conf.

s2: Modify the listen_addresses setting to include the IP address you want PostgreSQL to listen on.

        For example:

listen_addresses = '*'

s3: Save the changes and exit the editor.

s4: Edit the pg_hba.conf file in the same directory to add a rule for the IP range you want to allow connections from.

For example:

host    all             all             192.168.1.0/24            md5

s5: Restart PostgreSQL to apply the changes:

sudo systemctl restart postgresql

s6: Check if PostgreSQL server is currently listening on your local network IP

sudo ss -ltnp | grep postgres

LISTEN 0      200          0.0.0.0:5432      0.0.0.0:*    users:(("postgres",pid=7041,fd=6))
LISTEN 0      200             [::]:5432         [::]:*    users:(("postgres",pid=7041,fd=7))

s7: Check IP addresses assigned to your machine:

• hostname -I

  1. This shows all IP addresses assigned to your machine.

  2. Great for a quick peek at your local IP.

• ip addr show

  1. Lists all network interfaces and their IPs.

  2. Look for lines starting with inet under interfaces like eth0, enp0s3, or wlan0.

s8: Public IP (if you're behind a router)

• curl -4 ifconfig.me

  1. This fetches your public IP from an external service.

  2. The -4 flag ensures it returns your IPv4 address, otherwise IPv6 retruned.

  3. Useful if you're setting up remote access or hosting

s9: Test the remote connection using a PostgreSQL client from another machine(e.g., from a MacOS machine).

• egonever@egonevers-MacBook-Air mysite % psql -h 192.168.2.7 -U postgres            
  Password for user postgres: 
  psql (17.4 (Homebrew), server 16.9 (Ubuntu 16.9-0ubuntu0.24.04.1))
  SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off, ALPN: none)
  Type "help" for help.
  
  postgres=# \l
                                                       List of databases
     Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | Locale | ICU Rules |   Access privileges   
  -----------+----------+----------+-----------------+-------------+-------------+--------+-----------+-----------------------
   bilitube  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | 
   postgres  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | 
   template0 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
             |          |          |                 |             |             |        |           | postgres=CTc/postgres
   template1 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
             |          |          |                 |             |             |        |           | postgres=CTc/postgres
  (4 rows)
  
  postgres=# 

• Important Note:

  • Remote clients must authenticate with a password.

  • Upon installation on systems like Ubuntu, PostgreSQL creates a default superuser named postgres, but does not have a password set.

  • You can set a password from inside the psql prompt, using:

    • \password postgres

1.8 Ganting privileges to a normal use

Step-by-Step Guide (Inside psql):

s1. Create a New User If your user doesn’t exist yet

CREATE USER your_user_name WITH PASSWORD 'your_secure_password';

Replace your_user_name and 'your_secure_password' with your preferred values.

s2. Create a New Database

CREATE DATABASE your_database_name OWNER your_user_name;

This gives ownership of the database to your user.

1. (Optional) Grant Additional Privileges If needed, you can grant more specific permissions later:

   GRANT ALL PRIVILEGES ON DATABASE your_database_name TO your_user_name;
   

2. Test Access Log in as the user from another terminal or machine:

   psql -h  -U your_user_name -d your_database_name
   

s3. Grant ownership to a normal user 

ALTER DATABASE your_database_name OWNER TO your_user_name;

To confirm the change: 

\l

This lists all databases, and you’ll see the new owner reflected in the output. 

bilitube=> \l
                                                     List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | Locale | ICU Rules |   Access privileges   
-----------+----------+----------+-----------------+-------------+-------------+--------+-----------+-----------------------
 bilitube  | envato   | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =Tc/envato           +
           |          |          |                 |             |             |        |           | envato=CTc/envato
 postgres  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | 
 template0 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
           |          |          |                 |             |             |        |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
           |          |          |                 |             |             |        |           | postgres=CTc/postgres
(4 rows)

 

---

2. Background Kownledge

2.1 what does "sudo -i -u postgres" do

The command sudo -i -u postgres is used to temporarily switch to the postgres user account, which is the default administrative user for PostgreSQL.

Here’s what each part does:

Command Breakdown

Part	Meaning
sudo	Run a command with superuser privileges
-i	Start a login shell (loads user's environment variables, like PATH)
-u postgres	Specifies the user to switch to—in this case, postgres

So when you run:

bash

sudo -i -u postgres

You’re telling the system:

"Start a shell session as the postgres user, with its login environment, using elevated privileges."

This is useful when you want to:

• Access the psql shell without a password (assuming local trust authentication)

• Run database commands or scripts as postgres

• Avoid using su or messing with actual system user credentials

2.2 sudo apt install curl

2.3 What does listen_addresses = '*' mean

The setting listen_addresses = '*' in PostgreSQL’s configuration (postgresql.conf) tells the server to listen on all available IP addresses(e.g., multiple network interfaces) for incoming connections.

d1. What It Really Means

• The listen_addresses parameter controls which IPs PostgreSQL binds to.

• A value of '*' means:

So instead of limiting PostgreSQL to localhost (127.0.0.1) or a specific interface, it opens the door to connections from external machines—provided the firewall and pg_hba.conf settings allow it.

d2. Important Caveats

• This does not automatically allow anyone to connect. You must still:

  • Configure proper authentication in pg_hba.conf

  • Allow access via firewalls or network settings

• It makes PostgreSQL network-accessible, which is great for remote clients—but also requires careful security configuration.

2.4 Details about postgres -- the default superuser

Upon installation on systems like Ubuntu, PostgreSQL creates a default superuser named postgres, but by default:

• ✅ The postgres system user does not have a password set

• ✅ The PostgreSQL database user postgres can access the database locally using trust-based authentication (depending on how pg_hba.conf is configured)

d1. Why No Password by Default?

This is by design:

• It simplifies local setup—you can run psql as postgres without needing a password.

• PostgreSQL assumes you're on a secure local system at initial setup.

• You can still set a password later using:

  \password postgres
  

  from inside the psql prompt.

d2. When Does This Become a Problem?

• If you enable remote access, remote clients must authenticate with a password.

• You’ll need to:

  • Set a password manually for postgres

  • Ensure pg_hba.conf allows password-based connections (e.g. with md5 method)

 d3. Hands-on Example 

Try logging into the PostgreSQL server locally:

sudo -i -u postgres
psql

Then run:

\password postgres

Set a new password you’ll remember, then test it again from your remote MacOS machine(see 1.7 s9)

d4. "=Tc/envato envato=CTc/envato" means

It’s one of those PostgreSQL quirks that looks cryptic until you crack the code.

This is PostgreSQL’s shorthand for access control lists (ACLs) on a database. Let’s break it down:

=Tc/envato

• The = means this applies to the PUBLIC role — i.e. all users.

• T = TEMPORARY privilege (can create temporary tables)

• c = CONNECT privilege (can connect to the database)

• /envato = these privileges were granted by envato

So:

All users can connect to the database and create temporary tables, because envato granted those privileges to PUBLIC.

envato=CTc/envato

• This applies to the envato user

• C = CREATE privilege (can create schemas, extensions, etc.)

• T = TEMPORARY

• c = CONNECT

• /envato = granted by envato (self-granted or default)

So:

The envato user has full privileges to connect, create, and use temporary tables — granted by themselves.

Summary Table

Symbol	Privilege
C	CREATE
T	TEMPORARY
c	CONNECT
=	PUBLIC role
/envato	Granted by envato