> [] On Behalf Of Andres Freund
> As I asked before, why can't we delete all privs and add the explicitly
> needed once back (using AdjustTokenPrivileges)?

I tried it with pg_ctl.c attached to an earlier mail today, i.e. delete all 
privs with CreateRestrictedToken(DISABLE_ALL_PRIVILEGE) and enable Lock Pages 
in Memory with AdjustTokenPrivileges().  But it didn't work; 
AdjustTokenPrivileges() failed to enable the priv.  It's probably that 
CreateRestrictedToken() deletes (unassigns?) the privs from the access token, 
so subsequent AdjustTokenPrivileges() can no longer enable the priv.

Takayuki Tsunakawa

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to