Re: BUG #16259: Cannot Use "pg_ctl start -l logfile" on Clean Install on Windows Server 2012/2016

Heath Lord <heath(dot)lord(at)crunchydata(dot)com> writes:
> Another interesting thing that we have found is that this issue
> only manifests
> itself if you are trying to launch the pg_ctl command as a privileged
> user. If you
> try to run this command as a user who is not an Administrator, then we do not
> see this issue. This is another reason why Dory does not exhibit this behavior.
> With this finding, it has to be something with how pg_ctl is restricting the
> user when running the postgres.exe command from the CMD.exe process,
> so we are not trying to launch postgres as a privileged user.

OOOHHH ... I think the light just went on, then. The reason we have
an issue is that we drop admin privileges (via CreateRestrictedProcess)
when we launch CMD.EXE, just below this. So we are still admin when
the new code touches the log file, and that's why it's getting created
with different privileges from files that the postmaster (or CMD.EXE)
would create.

The idea I'd had for a fix is that we don't need to actually create the
file if it's not there yet. All we need is to delay if it's there and
can't be opened. So rather than open for writing, I think we could open
for reading, along the lines of

FILE *fd = fopen(log_file, "r");

if (fd != NULL) /* we may just ignore any error */
fclose(fd);

The looping logic in pgwin32_open doesn't really care which kind
of access we're asking for.

BTW, we could make this at least slightly cheaper by using
open() not fopen().

Alexander, this was your patch to start with ... any thoughts?

regards, tom lane