On Thu, Dec 5, 2013 at 6:30 PM, MauMau <maumau...@gmail.com> wrote:
> From: "Amit Kapila" <amit.kapil...@gmail.com>
>> On Wed, Dec 4, 2013 at 7:57 PM, MauMau <maumau...@gmail.com> wrote:
>> Approach-2 has been discussed previously to resolve it and it doesn't seem
>> to be
>> a good way to handle it. Please refer link:
>> You can go through that mail chain and see if there can be a better
>> solution than Approach-2.
> Thanks for the info. I understand your feeling, but we need to be
> practical. I believe we should not leave a bug and inconvenience by
> worrying about theory too much. In addition to the config-only directory,
> the DBA with admin privs will naturally want to run "postgres -C" and
> "postgres --describe-config", because they are useful and so described in
> the manual. I don't see any (at least big) risk in allowing postgres
> -C/--describe-config to run with admin privs.
Today, I had again gone through all the discussion that happened at
that time related to this problem
and I found that later in discussion it was discussed something on
lines as your Approach-2,
please see the link
> In addition, recent Windows
> versions help to secure the system by revoking admin privs with UAC, don't
> they? Disabling UAC is not recommended.
> I couldn't find a way to let postgres delete its token groups from its own
> primary access token. There doesn't seem to be a reasonably clean and good
Wouldn't the other way to resolve this problem be reinvoke pg_ctl in
non-restricted mode for the case in question?
> So I had to choose approach 2. Please find attached the patch. This simple
> and not-complex change worked well. I'd like to add this to 2014-1
> commitfest this weekend unless a better approach is proposed.
I think it is important to resolve this problem, so please godhead and
upload this patch to next CF.
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: