From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Dave Page <dpage(at)postgresql(dot)org> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)postgresql(dot)org>, pgsql-committers(at)postgresql(dot)org |
Subject: | Re: pgsql: Adjust user-facing documentation to explain why we don't check |
Date: | 2007-02-20 19:47:10 |
Message-ID: | 45DB503E.7060402@hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
>>> I think the only thing you could do would be to specify that the user
>>> and only the user have full control over the file. *Any* other ACL
>>> entries, deny or allow, are not allowed. Access via a group is not allowed.
>> That will break every default install in the world. They will all
>> contain at least ACLs for Administrators and SYSTEM. If they're in a
>> domain, also the admins from the domain. Not sure about power users. And
>> in a domain, it's not uncommon at all to push down a group of people in
>> IT who have access to users profiles to fix things. Etc.
>
> Yes - and not knowing who is/should be in the default ACL is exactly the
> problem.
>
> The only thing that will *break* though is libpq which would do the same
> thing as it would on *nix if the mode was 0622 or whatever. It's not
> going to break Windows or the users profile if the ACL on their pgpass
> file is tightened up.
It would break insofar that it wouldn't work. the pgpass file. It will
of course not break *windows*, but people will consider PostgreSQL broken.
>>> Now the next problem is how this should be set on Home Editions which do
>>> their best to hide ACLs from the user. I suppose we could just document
>>> the correct cacls command line to get exactly the acl we want.
>> I seriously don't think that will ever work, if we're broken on the
>> *default install*. If we're fine on default, and someone has changed it,
>> then they can likely fix it if they have the instructions. But if we
>> break the default install, we're out.
>
> huh?
If we don't work with a default install, people will not use it. We get
enough complaints of the run-as-admin stuff, and that only breaks if the
user has changed things away from the default.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2007-02-20 19:54:45 | Re: pgsql: Adjust user-facing documentation to explain why we don't check |
Previous Message | Andrew Dunstan | 2007-02-20 19:46:40 | Re: pgsql: Adjust user-facing documentation to explain why we don't check |