| From: | "Gary Doades" <gpd(at)gpdnet(dot)co(dot)uk> |
|---|---|
| To: | pgsql-hackers-win32(at)postgresql(dot)org |
| Subject: | Re: PgSQL not as Administrator - probs on w |
| Date: | 2004-07-04 12:21:27 |
| Message-ID: | 40E80457.7491.E175FAB@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers-win32 |
On 4 Jul 2004 at 13:07, Magnus Hagander wrote:
> We very much do *not* want to go grant a privilege to administrator that
> it doesn't already have. If it is required, it should be done manually
> by the administrator himself.
>
> (Oh, and the resource kit is very much *NOT* free. It's a licensed
> product like others. The supplement is like a servicepack - you still
> need the original kit license)
>
Once again you are right. I thought that you may be able to only grant
the permission for the duration of initdb etc, but there are other
problems with this anyway.
One other thought. I bit OTT maybe, but if NT does not have a "runas"
service then why not make one? As we know this is not a problem in
2000 onwards as the "RunAs" service exists. It should be possible to
create a service just for the purpose of running initdb (or postmaster). A
service running as local system has the privileges required I believe. If
the service could only start initdb/postmaster then it should not pose a
security risk.
Cheers,
Gary.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gary Doades | 2004-07-04 12:26:03 | Re: initdb crash |
| Previous Message | Magnus Hagander | 2004-07-04 11:49:25 | Re: initdb crash |