| From: | Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> |
|---|---|
| To: | MauMau <maumau307(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [bug fix] pg_ctl fails with config-only directory |
| Date: | 2013-12-07 07:50:22 |
| Message-ID: | CAA4eK1+FPnqsd1TEYMU5A-msBmC73XezXogf0GFEAr_XQdt3mA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 5, 2013 at 6:30 PM, MauMau <maumau307(at)gmail(dot)com> wrote:
> From: "Amit Kapila" <amit(dot)kapila16(at)gmail(dot)com>
>>
>> On Wed, Dec 4, 2013 at 7:57 PM, MauMau <maumau307(at)gmail(dot)com> wrote:
>>>
>>
>> Approach-2 has been discussed previously to resolve it and it doesn't seem
>> to be
>> a good way to handle it. Please refer link:
>> http://www.postgresql.org/message-id/1339601668-sup-4658@alvh.no-ip.org
>>
>> You can go through that mail chain and see if there can be a better
>> solution than Approach-2.
>
>
> Thanks for the info. I understand your feeling, but we need to be
> practical. I believe we should not leave a bug and inconvenience by
> worrying about theory too much. In addition to the config-only directory,
> the DBA with admin privs will naturally want to run "postgres -C" and
> "postgres --describe-config", because they are useful and so described in
> the manual. I don't see any (at least big) risk in allowing postgres
> -C/--describe-config to run with admin privs.
Today, I had again gone through all the discussion that happened at
that time related to this problem
and I found that later in discussion it was discussed something on
lines as your Approach-2,
please see the link
http://www.postgresql.org/message-id/503A879C.6070703@dunslane.net
> In addition, recent Windows
> versions help to secure the system by revoking admin privs with UAC, don't
> they? Disabling UAC is not recommended.
>
> I couldn't find a way to let postgres delete its token groups from its own
> primary access token. There doesn't seem to be a reasonably clean and good
> way.
Wouldn't the other way to resolve this problem be reinvoke pg_ctl in
non-restricted mode for the case in question?
> So I had to choose approach 2. Please find attached the patch. This simple
> and not-complex change worked well. I'd like to add this to 2014-1
> commitfest this weekend unless a better approach is proposed.
I think it is important to resolve this problem, so please godhead and
upload this patch to next CF.
With Regards,
Amit Kapila.
EnterpriseDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2013-12-07 08:12:40 | Re: Extension Templates S03E11 |
| Previous Message | Fabien COELHO | 2013-12-07 07:17:56 | Re: ANALYZE sampling is too good |