Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

On Fri, Nov 6, 2015 at 1:00 AM, Breen Hagan <breen(at)rtda(dot)com> wrote:
> Michael,

(You should avoid top-posting, this breaks the logic of a thread).

> I'm pretty sure your patch will fix my issue, but perhaps it should be a
> positive check for SE_GROUP_ENABLED?

If we want to be completely consistent with pgwin32_is_admin, that
would be actually the opposite: Postgres should not start with an SID
that has administrator's rights for security reasons.

Btw, I think that you would be interested in this patch as well:
http://www.postgresql.org/message-id/CAB7nPqR=FsgqOsQL6qUC04XWbZ93Q9BC-qEmHu2Cvh8uMRNrNQ@mail.gmail.com
This makes pgwin32_is_service available for frontend applications as
well, hence you would not need to duplicate any upstream code and just
reuse it for your scripts. That's material for 9.6~ though. I am
actually planning to fix an old bug in pg_ctl handling of a service
using that.

> I say "perhaps" because the last time
> I did any serious Windows coding was 2005.

That's short considering these day's life average expectancy.
--
Michael