From: | Krystian Bigaj <krystian(dot)bigaj(at)gmail(dot)com> |
---|---|
To: | boca2608 <boca2608(at)gmail(dot)com> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account |
Date: | 2014-06-12 14:41:57 |
Message-ID: | CAN=kAeEjMb4=y6qupLLRpeygjykDfT0Gj6Pr_DQ0MfJORBxWxQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 12 June 2014 15:59, boca2608 <boca2608(at)gmail(dot)com> wrote:
> Krystian Bigaj replied this in a separate email, which led to some
> interesting information that I would like to share in this mailing list.
>
> He suggested the use of the "Process Monitor" app to log the process events
> during the startup of the service and look for "ACCESS DENIED" errors.
> Here
> is what I found. During the startup, there were indeed several ACCESS
> DENIED errors:
>
> Date & Time: 6/12/2014 9:27:41 AM
> Event Class: Registry
> Operation: RegOpenKey
> Result: ACCESS DENIED
> Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File
> Execution
> Options
> TID: 1964
> Duration: 0.0000451
> Desired Access: Query Value, Enumerate Sub KeysI had similar problem (but
> with initdb.exe).
Solution in your case is to add BUILTIN\Users group to your "postgres"
account (this which you will use to start PG service).
Let me know if this helps.
PS. Don't change permissions on registry/file, because you will end up with
a mess :)
Of course your PG data directory must have Full access for postgress
account. Also your binaries must have a Read+Execute access for postgress.
In most cases adding that BUILTIN\Users group to postgress will work, but I
had a case, where end-user installed our software on drive where Users
group had Deny permissions.
To sum it all:
- directory with your pgdata - Full access for postgress account
- PG installation dir (so parent of bin) - Read+Execute for postgress
account
- postgres account must be member of BUILTIN\Users (!)
- if you are redirecting Log to other directory, then this dir also have to
Full access for postgres account.
(I'm using "NT AUTHORITY\NetworkService" account)
Best regards,
Krystian Bigaj
From | Date | Subject | |
---|---|---|---|
Next Message | Krystian Bigaj | 2014-06-12 14:54:45 | Re: Re: Cannot start Postgresql 9.3 as a service in Windows 2012 Server with a domain account |
Previous Message | Magnus Hagander | 2014-06-12 14:26:45 | Re: OpenSSL Vulnerabilities |