Re: Run-as-admin warning for win32

From: Shachar Shemesh <psql(at)shemesh(dot)biz>
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Run-as-admin warning for win32
Date: 2004-05-04 02:37:35
Message-ID: 409701EF.6030002@shemesh.biz
Lists: pgsql-patches

1. You forgot to check "localsystem", as well as "domain admins". These
two have even higher permissions than the ones you test for, and one of
them is the default if Postgres ever makes it to become a service.
2. Are you sure "Powerusers" is such a good idea? It's the default for
all non-admin users. When Postgres becomes a service, it's going to be
relatively easy to configure it to run as a low-priv user. Until then,
however, isn't it too difficult for admins to set up the system for it
to run as a different user?

Shachar

Magnus Hagander wrote:

>For review, comments and possible application to HEAD.
>
>This code implements a warning when the postmaster is started as a
>high-privilege account on win32 (administrator or power users).
>Previously, postgresql has exited out on Unix when running as root -
>this is a similar check, with the following differences:
>
>* We do an ereport(WARNING) instead of exiting out. The reason for this
>is that we can expect there are win32 admins that will want to run the
>server with a high privilege account. Just sending a warning will permit
>this (say, when debugging etc, or if people are just too lazy to care),
>while clearly stating it's not a recommended way to do it.
>
>* The Unix check is directly in main.c. We cannot do this on win32,
>because at this stage we can only printf and exit. Win32 needs ereport.
>Consider when running as a service - before we have loaded up
>postgresql.conf and noticed we should write to the eventlog, we cannot
>inform the user in any way (stderr = /dev/null from a service by
>default). Therefore, the win32 check is in PostmasterMain. There might be
>a slightly better place to put it, not 100% sure about that..
>
>
>The win32 specific code is mainly in the file security.c to go in
>src/backend/port/win32.
>
>
>//Magnus
>
>
>
> <<security.c>> <<admin_warning.patch>>

--
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/
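
The gap raised in point 1 above, as an added example that is not part of this thread or of the attached security.c: a portable sketch that classifies the string-form SIDs of a token and shows why Domain Admins, a domain-relative SID ending in RID 512, needs a pattern match rather than a fixed-string comparison like the built-in groups. The function and enum names are hypothetical, the sample SIDs are constructed, and the ranking simply follows the reviewer's remark that LocalSystem and Domain Admins sit above the two groups the patch tests for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; ordering follows the reviewer's "even higher" remark. */
typedef enum { PRIV_NONE, PRIV_POWER_USERS, PRIV_ADMINISTRATORS,
               PRIV_DOMAIN_ADMINS, PRIV_LOCAL_SYSTEM } priv_class;

/* Domain Admins is S-1-5-21-<3 domain sub-authorities>-512: the domain part
 * varies per installation, so no single fixed string matches it. */
static int is_domain_admins(const char *sid)
{
    const char *p; char *end;
    if (strncmp(sid, "S-1-5-21-", 9) != 0) return 0;
    p = sid + 9;
    for (int i = 0; i < 3; i++, p = end + 1) {   /* skip the domain identifier */
        if (*p < '0' || *p > '9') return 0;
        strtoul(p, &end, 10);
        if (*end != '-') return 0;
    }
    if (*p < '0' || *p > '9') return 0;
    return strtoul(p, &end, 10) == 512 && *end == '\0';   /* RID must be 512 */
}

priv_class classify_sid(const char *sid)
{
    if (strcmp(sid, "S-1-5-18") == 0)     return PRIV_LOCAL_SYSTEM;   /* LocalSystem */
    if (strcmp(sid, "S-1-5-32-544") == 0) return PRIV_ADMINISTRATORS; /* BUILTIN\Administrators */
    if (strcmp(sid, "S-1-5-32-547") == 0) return PRIV_POWER_USERS;    /* BUILTIN\Power Users */
    return is_domain_admins(sid) ? PRIV_DOMAIN_ADMINS : PRIV_NONE;
}

/* Highest class among a token's user and group SIDs. */
priv_class highest_privilege(const char *const *sids, size_t n)
{
    priv_class best = PRIV_NONE, c;
    for (size_t i = 0; i < n; i++)
        if ((c = classify_sid(sids[i])) > best) best = c;
    return best;
}

int main(void)
{
    /* Constructed sample token: a domain user whose only high group is Domain Admins. */
    const char *const tok[] = { "S-1-5-21-111-222-333-1105",
                                "S-1-5-21-111-222-333-512", "S-1-5-32-545" };
    printf("highest class: %d\n", (int) highest_privilege(tok, 3));
    return 0;
}
```

On Windows the SID strings would come from the process token's user and group entries; that retrieval is outside this sketch.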
