Re: BUG #16364: ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie installing with SCCM

Thank you for verifying the test installer. The updated version (11.7-4) is
now available for download.

On Fri, Apr 24, 2020 at 5:49 AM M Fysh <m_fysh(at)hotmail(dot)com> wrote:

>
> Thank you for the quick response.
> I have tested the fix for V11 and it worked.
>
> Thank you
> Michael
>
> ------------------------------
> *From:* Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
> *Sent:* Monday, 20 April 2020 7:11 PM
> *To:* m_fysh(at)hotmail(dot)com <m_fysh(at)hotmail(dot)com>;
> pgsql-bugs(at)lists(dot)postgresql(dot)org <pgsql-bugs(at)lists(dot)postgresql(dot)org>
> *Subject:* Re: BUG #16364: ICACLS error when installing under system
> context "NT AUTHORITY\SYSTEM" ie installing with SCCM
>
> Hi,
>
> This is a duplicate of BUG #16341.
>
> We have generated a "test" installer with the fix for v11 and uploaded it
> here
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1XTQo9C3ZEwQ7KuwOXmwBhC3FE77-chAP%2Fview&data=02%7C01%7C%7C53a3af4acd514412f21a08d7e50ad25a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637229706954243674&sdata=rk3MogVB52rSiYIff2DgV9aPwekt0liQ%2BdLJ0Wi%2Fczg%3D&reserved=0>.
> Could you please verify if it fixes the issue? If it does, then we would
> release an update for all affected versions. Thank you.
>
> On Wed, Apr 15, 2020 at 2:35 PM PG Bug reporting form <
> noreply(at)postgresql(dot)org> wrote:
>
> The following bug has been logged on the website:
>
> Bug reference: 16364
> Logged by: MF
> Email address: m_fysh(at)hotmail(dot)com
> PostgreSQL version: 12.2
> Operating system: Windows 10
> Description:
>
> ICACLS error when installing under system context "NT AUTHORITY\SYSTEM" ie
> installing with SCCM
>
> System context has no user profile, the installer tries to set security
> permissions to domain\hostname
> The first call to icacls removes inheritance
> C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0"
> /inheritance:r
>
> The next call adds permissions for domain\hostname$ (this should be "NT
> AUTHORITY\SYSTEM" or "hostname\Administrators")
> Executing C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0" /T /Q /grant
> "COR\Txxx6767$:(OI)(CI)F"
>
> At that point the permissions on the folder have changed but the installer
> no longer has access to the folder contents
> So the next step fails
> Error running C:\WINDOWS\System32\icacls
> "C:\Windows\Temp/postgresql_installer_9283e94fc0" /T /Q /grant
> "CORP\TM10336767$:(OI)(CI)F":
> C:\Windows\Temp/postgresql_installer_9283e94fc0\*: Access is denied.
>
> To reproduce the error use the Sysinternals tool
> Open a cmd windows as admin the run
> psexec.exe -s -i cmd
> This will open a new CMD window in System context. install PostgreSQL
>
> When installing as just and ADMIN user (with profile)
> Executing icacls
> "C:\Users\USER_adm\AppData\Local\Temp/postgresql_installer_57a6af5619"
> /inheritance:r
> the user is still the owner of the folder so can still make changes to it.
>
> Note you are now adding the current user domain\user in the next call to
> icacls.exe
> Executing icacls
> "C:\Users\USER_adm\AppData\Local\Temp/postgresql_installer_57a6af5619" /T
> /Q
> /grant "COR\USER_adm:(OI)(CI)F"
> So an Admin User install will work
> But a System install will not.
>
> I tried this will 12.2.2, 12.2.1, 10.12.2
>
>
>
> --
> Sandeep Thakkar
>
>
>

--
Sandeep Thakkar