| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
| Subject: | Re: lowering pg_regress privileges on Windows |
| Date: | 2018-10-19 00:13:41 |
| Message-ID: | 20181019001341.GD2099@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 18, 2018 at 08:31:11AM -0400, Andrew Dunstan wrote:
> The attached ridiculously tiny patch solves the problem whereby while we can
> run Postgres on Windows safely from an Administrator account, we can't run
> run the regression tests from the same account, since it fails on the
> tablespace test, the tablespace directory having been set up without first
> having lowered privileges. The solution is to lower pg_regress' privileges
> in the same way that we do with other binaries. This is useful in setups
> like Appveyor where running under any other account is ... difficult. For
> the cfbot Thomas has had to make the script hack the schedule file to omit
> the tablespace test. This would make that redundant.
>
> I propose to backpatch this. It's close enough to a bug and the risk is
> almost infinitely small.
+1. get_restricted_token() refactoring has been done down to
REL9_5_STABLE. With 9.4 and older you would need to copy again this
full routine into pg_regress.c, which is in my opinion not worth
worrying about.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2018-10-19 00:25:58 | Re: lowering pg_regress privileges on Windows |
| Previous Message | Michael Paquier | 2018-10-19 00:08:10 | Re: Function to promote standby servers |