Tom Lane said:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
>> Tom Lane wrote:
>>> Why? If we refuse to run as root on Unix, I do not see an argument
>>> for being more forgiving on Windows.
>
>> I am not sure it is as easy to run as non-admin on Win32 as it is to
>> run as non-root on Unix. Is it
> 2. Are you sure "Powerusers" is such a good idea? It's the default for
> all non-admin users. When Postgres becomes a service, it's going to be
> relatively easy to configure it to run as a low-priv user. Until then,
> however, isn't it too difficult for admins to set up the system for it
> to ru
Thomas Hallgren wrote:
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596
Link does not work.
Exerpt:
Unfortunately, these permissions are also the same permissions that allow
power users to:
? Introduce Trojan horses that, if executed by administrato
Sorry. That link was internal to the document. This one should work.
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/SecDefs2003.doc
Regards,
Thomas Hallgren
"Shachar Shemesh" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Thomas Hallgren wrote:
> 1. You forgot to check "localsystem", as well as "domain
> admins". These two have even higher permissions than the ones
> you test for, and one of them is the default if Postgre ever
> makes it to become a service.
Not at all. Local System is a member of the Administrators group (no, it
does
> >> Why? If we refuse to run as root on Unix, I do not see an
> argument
> >> for being more forgiving on Windows.
>
> > I am not sure it is as easy to run as non-admin on Win32 as
> it is to
> > run as non-root on Unix. Is it?
It is a little bit more tricky, but not much. I'd say it's mor
> I played a bit with that code. According to Microsoft samples
> for service managers, errors and events should be logged to
> eventlog. so I added a function (almost copy of sample
> service code), it's a messy, but it was enough to see what is
> happening with the service.
Consider using e
"Andrew Dunstan" <[EMAIL PROTECTED]> writes:
> . if the installer is running as Administrator, it should create a
> Postgres user
> IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
regards, tom lane
---(end o
On Tuesday 04 May 2004 13:47, Magnus Hagander wrote:
> > I played a bit with that code. According to Microsoft samples
> > for service managers, errors and events should be logged to
> > eventlog. so I added a function (almost copy of sample
> > service code), it's a messy, but it was enough to see
> > . if the installer is running as Administrator, it should create a
> > Postgres user
>
> > IOW, we need to make it as easy as possible to be secure.
>
> No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it to do that, and have
Magnus Hagander wrote:
. if the installer is running as Administrator, it should create a
Postgres user
IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it
Magnus Hagander wrote:
> > > . if the installer is running as Administrator, it should create a
> > > Postgres user
> >
> > > IOW, we need to make it as easy as possible to be secure.
> >
> > No objection to that idea ...
>
> I don't think we should create a postgres user. We should tell the gu
> > The installer-skeleton I have right now permits
> installation as local
> > system but recommends a user account. But that's just
> functionality to
> > remove, so that's easily done. In the other case, it prompts for
> > username and password to run as.
>
> How would it install on an XP
Magnus Hagander wrote:
> > > The installer-skeleton I have right now permits
> > installation as local
> > > system but recommends a user account. But that's just
> > functionality to
> > > remove, so that's easily done. In the other case, it prompts for
> > > username and password to run as.
> > Yes, you need to create another user.
> > When running as a service, just tell the installer. It
> should set up
> > required permissions. Then start the service as normal using the
> > Service Control Manager.
> >
> > When running manually, you will have to grant the postgres user the
> >
Bruce Momjian wrote:
I have never had to create a user to install any other software on my
laptop.
How much else that you have installed runs as a service?
OTOH, I just installed apache and it is running the service as
LocalSystem :-(
cheers
andrew
---(end of broadcast)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Momjian
> Sent: 04 May 2004 16:08
> To: Magnus Hagander
> Cc: Tom Lane; Andrew Dunstan; [EMAIL PROTECTED]
> Subject: Re: [PATCHES] Run-as-admin warning for win32
>
>
> Magnus Hagander wrote:
>
Mark Cave-Ayland wrote:
> Just listening in on this thread I would be inclined to agree that
> the Win32 PostgeSQL should run under its own user given the history of
> Windows security. FWIW I know that Installshield (one of the most
> popular installers) and the default settings for MSI mean t
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Tom Lane wrote:
> >> I guess what you are saying is we should have a configure-time option to
> >> address configured directories via relative paths from the executable's
> >> directory, rather than absolute paths? Seems reasonable ..
Bruce Momjian wrote:
+ if (toupper(*src) != toupper(*src))
Shouldn't this be
if (toupper(*src) != toupper(*dst))
?
For completeness, you should probably also check for network drive paths
("\\machine\sharename\foo").
I also think we should just canonicalise everything early, and then
Andrew Dunstan wrote:
> Bruce Momjian wrote:
>
> >+ if (toupper(*src) != toupper(*src))
> >
> >
>
> Shouldn't this be
>
> if (toupper(*src) != toupper(*dst))
>
> ?
>
Yep, fixed.
> For completeness, you should probably also check for network
> drive paths ("\\machine\sharename\foo
Bruce Momjian wrote:
Andrew Dunstan wrote:
I must confess I think this scheme is overkill - I can't think
of a use case where one would want a relocatable installation
which would any pattern other than the one we are thinking of
for the windows binary installer. Are we taking flexibility too
fa
On Sunday 02 May 2004 11:22, Fabien COELHO wrote:
> Dear patchers,
>
> please find attached my second patch submission for adding
> new aggregate functions:
>
> (1) boolean-and and boolean-or aggregates named bool_and and bool_or.
> they should correspond to standard sql every and some/any aggr
Neil,
Here it is :)
Cheers,
D
--
David Fetter [EMAIL PROTECTED] http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778
Remember to vote!
Index: doc/src/sgml/plperl.sgml
===
RCS file: /projects/cvsroot/pgsql-server/doc/
24 matches
Mail list logo
