Skip site navigation (1) Skip section navigation (2)

Re: PgSQL not as Administrator - probs on w

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Gary Doades" <gpd(at)gpdnet(dot)co(dot)uk>,<pgsql-hackers-win32(at)postgresql(dot)org>
Subject: Re: PgSQL not as Administrator - probs on w
Date: 2004-07-04 13:48:38
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE34BDD4@algol.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-hackers-win32
>> We very much do *not* want to go grant a privilege to 
>administrator that
>> it doesn't already have. If it is required, it should be 
>done manually
>> by the administrator himself. 
>> 
>> (Oh, and the resource kit is very much *NOT* free. It's a licensed
>> product like others. The supplement is like a servicepack - you still
>> need the original kit license)
>> 
>
>Once again you are right. I thought that you may be able to only grant 
>the permission for the duration of initdb etc, but there are other 
>problems with this anyway.

Yeah. You can enable the privilege temporarily, but actually granting it
in the account database is a bigger operation. (Not to mention how many
eventlog monitors/IDS systems the install is going to trigger if it does
that)


>One other thought. I bit OTT maybe, but if NT does not have a "runas" 
>service then why not make one? As we know this is not a problem in 
>2000 onwards as the "RunAs" service exists. It should be possible to 
>create a service just for the purpose of running initdb (or 
>postmaster). A 
>service running as local system has the privileges required I 
>believe. If 
>the service could only start initdb/postmaster then it should 
>not pose a 
>security risk.

Yeah, that's the uglier way to do it. We could even create a temporary
service, start it, wait for it to stop by itself, and then remove it. 

//Magnus

pgsql-hackers-win32 by date

Next:From: Gary DoadesDate: 2004-07-04 13:58:37
Subject: Re: initdb crash
Previous:From: Magnus HaganderDate: 2004-07-04 13:47:18
Subject: Re: initdb crash

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group