Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Andrew Dunstan
Tom Lane said: Bruce Momjian [EMAIL PROTECTED] writes: Tom Lane wrote: Why? If we refuse to run as root on Unix, I do not see an argument for being more forgiving on Windows. I am not sure it is as easy to run as non-admin on Win32 as it is to run as non-root on Unix. Is it? Ease of use

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Thomas Hallgren
2. Are you sure Powerusers is such a good idea? It's the default for all non-admin users. When Postgres becomes a service, it's going to be relatively easy to configure it to run as a low-priv user. Until then, however, isn't it too difficult for admins to set up the system for it to run as a

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Shachar Shemesh
Thomas Hallgren wrote: http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596 Link does not work. Excerpt: Unfortunately, these permissions are also the same permissions that allow power users to: • Introduce Trojan horses that, if executed by

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Thomas Hallgren
Sorry. That link was internal to the document. This one should work. http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/SecDefs2003.doc Regards, Thomas Hallgren Shachar Shemesh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thomas Hallgren wrote:

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Magnus Hagander
1. You forgot to check localsystem, as well as domain admins. These two have even higher permissions than the ones you test for, and one of them is the default if Postgre ever makes it to become a service. Not at all. Local System is a member of the Administrators group (no, it doesn't

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Magnus Hagander
Why? If we refuse to run as root on Unix, I do not see an argument for being more forgiving on Windows. I am not sure it is as easy to run as non-admin on Win32 as it is to run as non-root on Unix. Is it? It is a little bit more tricky, but not much. I'd say it's more a factor

Re: [PATCHES] win32 service proposal

2004-05-04 Thread Magnus Hagander
I played a bit with that code. According to Microsoft samples for service managers, errors and events should be logged to eventlog. so I added a function (almost copy of sample service code), it's a messy, but it was enough to see what is happening with the service. Consider using

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Magnus Hagander
. if the installer is running as Administrator, it should create a Postgres user IOW, we need to make it as easy as possible to be secure. No objection to that idea ... I don't think we should create a postgres user. We should tell the guy who installs it to do that, and have him tell

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Andrew Dunstan
Magnus Hagander wrote: . if the installer is running as Administrator, it should create a Postgres user IOW, we need to make it as easy as possible to be secure. No objection to that idea ... I don't think we should create a postgres user. We should tell the guy who installs it

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Bruce Momjian
Magnus Hagander wrote: . if the installer is running as Administrator, it should create a Postgres user IOW, we need to make it as easy as possible to be secure. No objection to that idea ... I don't think we should create a postgres user. We should tell the guy who installs

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Bruce Momjian
Magnus Hagander wrote: The installer-skeleton I have right now permits installation as local system but recommends a user account. But that's just functionality to remove, so that's easily done. In the other case, it prompts for username and password to run as. How would

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Mark Cave-Ayland
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Momjian Sent: 04 May 2004 16:08 To: Magnus Hagander Cc: Tom Lane; Andrew Dunstan; [EMAIL PROTECTED] Subject: Re: [PATCHES] Run-as-admin warning for win32 Magnus Hagander wrote: The

Re: [PATCHES] Run-as-admin warning for win32

2004-05-04 Thread Bruce Momjian
Mark Cave-Ayland wrote: Just listening in on this thread I would be inclined to agree that the Win32 PostgreSQL should run under its own user given the history of Windows security. FWIW I know that Installshield (one of the most popular installers) and the default settings for MSI mean that

[PATCHES] Function to do runtime relative directory mapping

2004-05-04 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: Tom Lane wrote: I guess what you are saying is we should have a configure-time option to address configured directories via relative paths from the executable's directory, rather than absolute paths? Seems reasonable ... Yep.

Re: [PATCHES] [pgsql-hackers-win32] Function to do runtime relative directory

2004-05-04 Thread Andrew Dunstan
Bruce Momjian wrote: + if (toupper(*src) != toupper(*src)) Shouldn't this be if (toupper(*src) != toupper(*dst)) ? For completeness, you should probably also check for network drive paths (\\machine\sharename\foo). I also think we should just canonicalise everything early, and then

Re: [PATCHES] [pgsql-hackers-win32] Function to do runtime relative directory

2004-05-04 Thread Bruce Momjian
Andrew Dunstan wrote: Bruce Momjian wrote: + if (toupper(*src) != toupper(*src)) Shouldn't this be if (toupper(*src) != toupper(*dst)) ? Yep, fixed. For completeness, you should probably also check for network drive paths (\\machine\sharename\foo). Oh, OK. I

Re: [PATCHES] [pgsql-hackers-win32] Function to do runtime relative directory

2004-05-04 Thread Andrew Dunstan
Bruce Momjian wrote: Andrew Dunstan wrote: I must confess I think this scheme is overkill - I can't think of a use case where one would want a relocatable installation which would any pattern other than the one we are thinking of for the windows binary installer. Are we taking flexibility too