Re: lowering pg_regress privileges on Windows

From: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: lowering pg_regress privileges on Windows
Date: 2018-10-19 00:25:58
Message-ID: CAEepm=3neNa2DY1ko7VTBNTuSooOugbDRvrhWwCz2TmJi8dRiw@mail.gmail.com
Lists: pgsql-hackers

On Fri, Oct 19, 2018 at 1:13 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Thu, Oct 18, 2018 at 08:31:11AM -0400, Andrew Dunstan wrote:
> > The attached ridiculously tiny patch solves the problem whereby while we can
> > run Postgres on Windows safely from an Administrator account, we can't run
> > the regression tests from the same account, since it fails on the
> > tablespace test, the tablespace directory having been set up without first
> > having lowered privileges. The solution is to lower pg_regress' privileges
> > in the same way that we do with other binaries. This is useful in setups
> > like Appveyor where running under any other account is ... difficult. For
> > the cfbot Thomas has had to make the script hack the schedule file to omit
> > the tablespace test. This would make that redundant.
> >
> > I propose to backpatch this. It's close enough to a bug and the risk is
> > almost infinitely small.
>
> +1. get_restricted_token() refactoring has been done down to
> REL9_5_STABLE. With 9.4 and older you would need to copy again this
> full routine into pg_regress.c, which is in my opinion not worth
> worrying about.

FWIW here is a successful Appveyor build including the full test
schedule (CI patch attached in case anyone is interested). Woohoo!
Thanks for figuring that out, Andrew. I will be very happy to remove
that wart from my workflows.

https://ci.appveyor.com/project/macdice/postgres/builds/19626669

--
Thomas Munro
http://www.enterprisedb.com

Attachment: 0001-CI-configuration-for-Appveyor.patch (application/octet-stream, 2.5 KB)
