1. You forgot to check "localsystem", as well as "domain admins". These two have even higher permissions than the ones you test for, and one of them is the default if Postgres ever makes it to become a service.
2. Are you sure "Powerusers" is such a good idea? It's the default for all non-admin users. When Postgres becomes a service, it's going to be relatively easy to configure it to run as a low-priv user. Until then, however, isn't it too difficult for admins to set up the system for it to run as a different user?


Magnus Hagander wrote:

For review, comments and possible application to HEAD.

This code implements a warning when the postmaster is started as a
high-privilege account on win32 (administrator or power users).
Previously, postgresql has exited out on Unix when running as root -
this is a similar check, with the following differences:

* We do an ereport(WARNING) instead of exiting out. The reason for this
is that we can expect there are win32 admins that will want to run the
server with a high privilege account. Just sending a warning will permit
this (say, when debugging etc, or if people are just too lazy to care),
while clearly stating it's not a recommended way to do it.

* The Unix check is directly in main.c. We cannot do this on win32,
because at this stage we can only printf and exit. Win32 needs ereport.
Consider when running as a service - before we have loaded up
postgresql.conf and noticed we should write to the eventlog, we cannot
inform the user in any way (stderr = /dev/null from a service by
default). Therefore, the win32 check is in PostmasterMain. There might be
a slightly better place to put it, not 100% sure about that..

The win32 specific code is mainly in the file security.c to go in src/backend/port/win32.


<<security.c>> <<admin_warning.patch>>



Shachar Shemesh
Lingnu Open Source Consulting
