cannot create extension without superuser role

DatabasePostgresqlPostgresql 9.1

Database Problem Overview

I'm trying to run unit tests in Django, and it creates a new database. The database has postgis extensions and when I regularly create the database, I use "CREATE ExTENSION postgis".

However, when I run tests, it gives me the following error:

$ ./manage.py test
Creating test database for alias 'default'...
Got an error creating the test database: database "test_project" already exists

Type 'yes' if you would like to try deleting the test database 'test_project', or 'no' to cancel: yes
Destroying old test database 'default'...
DatabaseError: permission denied to create extension "postgis"
HINT:  Must be superuser to create this extension.

The user has the Create DB privilege already, I'm using PostgreSQL 9.1 on Ubuntu 12.04 with Postgis 2.0.

Database Solutions

Solution 1 - Database

The Django documentation on postgis has some information on setting up user privileges.

In the worst case you can create a new superuser:

$ createuser --superuser <user_name>

or alter an existing user's role:

postgres# ALTER ROLE <user_name> SUPERUSER;

Solution 2 - Database

Easiest way I found is to:

su postgres
psql
alter role user_name superuser;
#then create the extension as the user in a different screen
alter role user_name nosuperuser;

Basically give the user superuser powers for a short time, and create the extension. Then revoke the superuser powers.

You can also use \connect user_name to become that user and create the extension directly from the postgres user.

Solution 3 - Database

Another way to solve this that is suggested in the django docs

$ psql <db name>
> CREATE EXTENSION postgis;

you can log into a database as the superuser and create the extension once. The extension will then be available to your api's db user. When django executes CREATE EXTENSION IF NOT EXISTS postgis postgres will not throw.

If you are seeing errors when migrating doublecheck you created the extension in the correct database, a sample sesssion

$ psql
=> \l            - list databases
=> \c <db name>  - connect to django db
=> create extension postgis;

you can verify the extension is installed if you see the table spatial_ref_sys

=> \dt
                   List of relations
 Schema |            Name            | Type  |  Owner
--------+----------------------------+-------+----------
 public | spatial_ref_sys            | table | postgres

for tests I recommend running them against a local dev database and granting the user superuser abilities like > ALTER ROLE <user_name> SUPERUSER;

Solution 4 - Database

You can also install postgis to the template1 database template which is inherited by default by all newly created database.

$ psql -U postgres -d template1 -c "CREATE EXTENSION postgis;"

All new databases created from this point will have the postgis extension installed, including Django's test database, unless they specify a different template when creating a database.

If having postgis installed to all newly created databases is not desirable, you can create a new template, install postgis in it, and then have Django use this template when creating the test database.

$ createdb template_postgis;  # create a new database
$ psql -U postgres -c "UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template_postgis';"  # make it a template
$ psql -U postgres -d template_postgis -c "CREATE EXTENSION postgis;"  # install postgis in it

Then in Django settings:

...
DATABASES = {
    'default': {
        ...
        'TEST': {
            'TEMPLATE': 'template_postgis',
        },
    },
}

Solution 5 - Database

A safe way to do this without delegating superuser privileges would be to access the database in which we are executing the query with a user with a superuser role such as postgres.

$ sudo -u postgres psql <db_name>

<db_name>#= CREATE EXTENSION IF NOT EXISTS <your-extension>;

This way you don't expose security and you can believe the extension in the db.

GL

Solution 6 - Database

As of Postgres 13, some modules / extensions are considered "trusted", and can be installed by non-superusers who have CREATE privilege on the current database.

The trusted modules are: btree_gin, btree_gist, citext, cube, dict_int, fuzzystrmatch, hstore, intarray, isn, lo, ltree, pgcrypto, pg_trgm, seg, tablefunc, tcn, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp

To check whether a given module is eligible, visit https://www.postgresql.org/docs/13/contrib.html and select the module in question. If it is considered "trusted", the page will contain the sentence:

> This module is considered “trusted”, that is, it can be installed by non-superusers who have CREATE privilege on the current database.

Categories
Recommended Database Solutions
Recommended Postgresql Solutions
Recommended Postgresql 9.1 Solutions

Previous Solution:

EF 5 Enable-Migrations : No context type was found in the assembly

C#Entity Frameworkasp.net Mvc-4Entity Framework-Migrations

Next Solution:

Change variable name in for loop using R

R

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
Questionuser9903View Question on Stackoverflow
Solution 1 - Databaseuser9903View Answer on Stackoverflow
Solution 2 - DatabaseArielView Answer on Stackoverflow
Solution 3 - DatabaseHarry MorenoView Answer on Stackoverflow
Solution 4 - Databaseuser73657View Answer on Stackoverflow
Solution 5 - DatabaseBraian CoronelView Answer on Stackoverflow
Solution 6 - DatabasePeter ThomassenView Answer on Stackoverflow