Mark Cave-Ayland wrote:
> Just listening in on this thread I would be inclined to agree that
> the Win32 PostgeSQL should run under its own user given the history of
> Windows security. FWIW I know that Installshield (one of the most
> popular installers) and the default settings for MSI mean t
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Momjian
> Sent: 04 May 2004 16:08
> To: Magnus Hagander
> Cc: Tom Lane; Andrew Dunstan; [EMAIL PROTECTED]
> Subject: Re: [PATCHES] Run-as-admin warning for win32
>
&g
Bruce Momjian wrote:
I have never had to create a user to install any other software on my
laptop.
How much else that you have installed runs as a service?
OTOH, I just installed apache and it is running the service as
LocalSystem :-(
cheers
andrew
---(end of broadcast)
> > Yes, you need to create another user.
> > When running as a service, just tell the installer. It
> should set up
> > required permissions. Then start the service as normal using the
> > Service Control Manager.
> >
> > When running manually, you will have to grant the postgres user the
> >
Magnus Hagander wrote:
> > > The installer-skeleton I have right now permits
> > installation as local
> > > system but recommends a user account. But that's just
> > functionality to
> > > remove, so that's easily done. In the other case, it prompts for
> > > username and password to run as.
> > The installer-skeleton I have right now permits
> installation as local
> > system but recommends a user account. But that's just
> functionality to
> > remove, so that's easily done. In the other case, it prompts for
> > username and password to run as.
>
> How would it install on an XP
Magnus Hagander wrote:
> > > . if the installer is running as Administrator, it should create a
> > > Postgres user
> >
> > > IOW, we need to make it as easy as possible to be secure.
> >
> > No objection to that idea ...
>
> I don't think we should create a postgres user. We should tell the gu
Magnus Hagander wrote:
. if the installer is running as Administrator, it should create a
Postgres user
IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it
> > . if the installer is running as Administrator, it should create a
> > Postgres user
>
> > IOW, we need to make it as easy as possible to be secure.
>
> No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it to do that, and have
"Andrew Dunstan" <[EMAIL PROTECTED]> writes:
> . if the installer is running as Administrator, it should create a
> Postgres user
> IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
regards, tom lane
---(end o
> >> Why? If we refuse to run as root on Unix, I do not see an
> argument
> >> for being more forgiving on Windows.
>
> > I am not sure it is as easy to run as non-admin on Win32 as
> it is to
> > run as non-root on Unix. Is it?
It is a little bit more tricky, but not much. I'd say it's mor
> 1. You forgot to check "localsystem", as well as "domain
> admins". These two have even higher permissions than the ones
> you test for, and one of them is the default if Postgre ever
> makes it to become a service.
Not at all. Local System is a member of the Administrators group (no, it
does
Sorry. That link was internal to the document. This one should work.
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/SecDefs2003.doc
Regards,
Thomas Hallgren
"Shachar Shemesh" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Thomas Hallgren wrote:
Thomas Hallgren wrote:
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596
Link does not work.
Exerpt:
Unfortunately, these permissions are also the same permissions that allow
power users to:
? Introduce Trojan horses that, if executed by administrato
> 2. Are you sure "Powerusers" is such a good idea? It's the default for
> all non-admin users. When Postgres becomes a service, it's going to be
> relatively easy to configure it to run as a low-priv user. Until then,
> however, isn't it too difficult for admins to set up the system for it
> to ru
Tom Lane said:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
>> Tom Lane wrote:
>>> Why? If we refuse to run as root on Unix, I do not see an argument
>>> for being more forgiving on Windows.
>
>> I am not sure it is as easy to run as non-admin on Win32 as it is to
>> run as non-root on Unix. Is it
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> Why? If we refuse to run as root on Unix, I do not see an argument for
>> being more forgiving on Windows.
> I am not sure it is as easy to run as non-admin on Win32 as it is to run
> as non-root on Unix. Is it?
Ease of use has noth
Tom Lane wrote:
> "Magnus Hagander" <[EMAIL PROTECTED]> writes:
> > Previously, postgresql has exited out on Unix when running as root -
> > this is a similar check, with the following differences:
>
> > * We do a ereport(WARNING) instead of exitting out.
>
> Why? If we refuse to run as root on
"Magnus Hagander" <[EMAIL PROTECTED]> writes:
> Previously, postgresql has exited out on Unix when running as root -
> this is a similar check, with the following differences:
> * We do a ereport(WARNING) instead of exitting out.
Why? If we refuse to run as root on Unix, I do not see an argument
1. You forgot to check "localsystem", as well as "domain admins". These
two have even higher permissions than the ones you test for, and one of
them is the default if Postgre ever makes it to become a service.
2. Are you sure "Powerusers" is such a good idea? It's the default for
all non-admin u
20 matches
Mail list logo
