On Tue, Nov 15, 2005 at 08:10:40AM -0800, Stephan Szabo wrote:
> On Tue, 15 Nov 2005 eric.leguillier@mpsa.com wrote:
>
> > I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
> > OPTION) allow a privileged administrator to run PostGre.
>
> Well, to start with, it increases the support costs of the product as a
> whole to the community. Adding an option with severe security implications
> is not free, at least not if you want to be reasonably diligent about
> minimizing and documenting the risks. Generally the community tries to
> take that seriously, so IMHO just assuming that anyone who sets it knows
> the risks isn't acceptable.
>
> Why don't we actually start looking at the actual implications and see
> what we can do about them, rather than either assuming they're too great
> or too minimal. Maybe we'll come up with solutions to current problems as
> well.
To expand on that, someone has suggested the use of runas, so it would
be good to see how that works.
The problem here isn't that PostgreSQL refuses to run with admin
privledges, it's that the Windows security model is brain-dead. IF it
can be shown that there is no reasonable way around Windows 'security'
and IF there is enough demand from users then the community might
consider a hack that allows running PostgreSQL from an admin account.
But as it stands right now, neither of those has been shown.
So as Stephan suggested, let's try looking at the root problem and see
if there's some way to fix that.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
