Quick Links

Re: BUG #16364: ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie installing with SCCM

From:	Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To:	m_fysh(at)hotmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject:	Re: BUG #16364: ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie installing with SCCM
Date:	2020-04-20 09:11:22
Message-ID:	CANFyU97_S+btyceKAC2kctxXJosKEfP=vW54Y+jM3+UWG9JViQ@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

Hi,

This is a duplicate of BUG #16341.

We have generated a "test" installer with the fix for v11 and uploaded it
here
<https://drive.google.com/file/d/1XTQo9C3ZEwQ7KuwOXmwBhC3FE77-chAP/view>.
Could you please verify if it fixes the issue? If it does, then we would
release an update for all affected versions. Thank you.

On Wed, Apr 15, 2020 at 2:35 PM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 16364
> Logged by: MF
> Email address: m_fysh(at)hotmail(dot)com
> PostgreSQL version: 12.2
> Operating system: Windows 10
> Description:
>
> ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie
> installing with SCCM
>
> System context has no user profile, the installer tries to set security
> permissions to domain\hostname
> The first call to icacls removes inheritance
> C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0"
> /inheritance:r
>
> The next call adds permissions for domain\hostname$ (this should be "NT
> AUTHORITY\SYSTEM" or "hostname\Administrators")
> Executing C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0" /T /Q /grant
> "COR\Txxx6767$:(OI)(CI)F"
>
> At that point the permissions on the folder have changed but the installer
> no longer has access to the folder contents
> So the next step fails
> Error running C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0" /T /Q /grant
> "CORP\TM10336767$:(OI)(CI)F":
> C:\Windows\Temp/postgresql_installer_9283e94fc0\*: Access is denied.
>
> To reproduce the error use the Sysinternals tool
> Open a cmd windows as admin the run
> psexec.exe -s -i cmd
> This will open a new CMD window in System context. install PostgreSQL
>
> When installing as just and ADMIN user (with profile)
> Executing icacls
> "C:\Users\USER_adm\AppData\Local\Temp/postgresql_installer_57a6af5619"
> /inheritance:r
> the user is still the owner of the folder so can still make changes to it.
>
> Note you are now adding the current user domain\user in the next call to
> icacls.exe
> Executing icacls
> "C:\Users\USER_adm\AppData\Local\Temp/postgresql_installer_57a6af5619" /T
> /Q
> /grant "COR\USER_adm:(OI)(CI)F"
> So an Admin User install will work
> But a System install will not.
>
> I tried this will 12.2.2, 12.2.1, 10.12.2
>
>

--
Sandeep Thakkar

In response to

BUG #16364: ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie installing with SCCM at 2020-04-15 06:31:29 from PG Bug reporting form

Responses

Re: BUG #16364: ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie installing with SCCM at 2020-04-24 00:19:27 from M Fysh

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Jehan-Guillaume de Rorthais	2020-04-20 12:22:35	Re: [BUG] non archived WAL removed during production crash recovery
Previous Message	Sandeep Thakkar	2020-04-20 09:09:54	Re: BUG #16341: Installation with EnterpriseDB Community installer in NT AUTHORITY\SYSTEM context not possible