Quick Links

initdb -S versus superuser check and Windows restricted mode

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	pgsql-hackers(at)postgreSQL(dot)org
Subject:	initdb -S versus superuser check and Windows restricted mode
Date:	2015-05-29 21:08:47
Message-ID:	4389.1432933727@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I noticed that if you use "initdb -S", the code does its thing and
exits without ever calling get_restricted_token(). It doesn't get
to get_id() where the no-superuser check is, either. Is this OK,
or should we reorder the operations so that fsyncing is done with
the usual restricted privileges?

You could argue that it's harmless to let root do a bunch of fsyncs,
and that's probably true, but on the other hand this doesn't meet
our usual expectations that no significant PG code runs as root.

Thoughts?

regards, tom lane

Responses

Re: initdb -S versus superuser check and Windows restricted mode at 2015-05-30 08:19:50 from Michael Paquier

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Josh Berkus	2015-05-29 21:09:56	Re: RFC: Remove contrib entirely
Previous Message	Peter Geoghegan	2015-05-29 21:08:21	Re: RFC: Remove contrib entirely