Re: BUG #5475: Problem during Instalation

On Wed, Jun 9, 2010 at 10:03 AM, Craig Ringer
<craig(at)postnewspapers(dot)com(dot)au> wrote:
> - During the install, test for the existence of a 'postgres' user
> account before displaying the password prompt panel of the installer
> "wizard".
>
> - If such an account does not exist, display the existing UI password
> prompt ui with simplified language indicating that you're creating a new
> password not entering one already set. People seem to struggle with this
> at present.
>
> - If such an account already exists, tell the user that PostgreSQL has
> been installed in the past or another version is currently installed, so
> they must provide the password that was supplied during that prior
> installation. If they do not know the password, they may press an
> offered "reset password" button to enter a new one, but they're warned
> that doing so will cause any other versions of PostgreSQL to stop working.

The current message is:

Please provide a password for the database superuser (${superaccount})
and service account (${serviceaccount}). If the service account
already exists in Windows, you must enter the current password for the
account. If the account does not exist, it will be created when you
click 'Next'.

Or, in upgrade mode:

Please provide a password for service account (${serviceaccount}).

There is a point beyond which further simplification of text really
doesn't help (because people just aren't reading it in the first
place). Personally, I think we're pretty darn close to that point, but
I'm open to better phrasing.

I'm unconvinced that the extra complexity involved in checking the
existence of the service account to tweak the message is worthwhile. I
don't think it buys us extra simplicity that would suddenly make
people understand.

> ------ or possibly ..... --------
>
> - When the postgres user password is reset on the PostgreSQL service via
> the Pg installer, update or offer to update *all* service registrations
> for any service using the postgres account so that they use the same
> password, thus avoiding breaking old versions when the user has
> forgotten the service account password.

That would break any of them that have implemented anything like your
previous suggestion (with the password stored in the registry). Plus,
an installation of PostgreSQL should never modify any other software
that may be installed, imho.

A hint, or button to fire up the computer management MMC might be
feasible, but I'm not entirely sure. I've seen these sort of bug
report from people who have never ventured into the stuff in the
Administrative Tools folder, so even guiding them there may not help.

>> So how would you install something like pgAgent, which you would most
>> likely want to run under the same account?
>
> Installers run as admin; it'd read the registry key during installation
> and use it for the CreateService call.

That might work for one of our installers, but not if someone installs
manually, or using a 3rd party package.

> OTOH, if it's a generated password, leaking it has little effect as it's
> unique to the machine and only grants access to a service account that
> the admin user already has access to by virtue of their admin status on
> that machine.

Which breaks any audit trail because you have no way of knowing which
admin may login as the service user.

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise Postgres Company