Re: Run-as-admin warning for win32 - Mailing list pgsql-patches

From Shachar Shemesh
Subject Re: Run-as-admin warning for win32
Date
Msg-id 409701EF.6030002@shemesh.biz
In response to Run-as-admin warning for win32  ("Magnus Hagander" <mha@sollentuna.net>)
List pgsql-patches
1. You forgot to check "localsystem", as well as "domain admins". These
two have even higher permissions than the ones you test for, and one of
them is the default if Postgres ever makes it to become a service.
2. Are you sure "Powerusers" is such a good idea? It's the default for
all non-admin users. When Postgres becomes a service, it's going to be
relatively easy to configure it to run as a low-priv user. Until then,
however, isn't it too difficult for admins to set up the system for it
to run as a different user?

             Shachar

Magnus Hagander wrote:

>For review, comments and possible application to HEAD.
>
>This code implements a warning when the postmaster is started as a
>high-privilege account on win32 (administrator or power users).
>Previously, postgresql has exited out on Unix when running as root -
>this is a similar check, with the following differences:
>
>* We do an ereport(WARNING) instead of exiting out. The reason for this
>is that we can expect there are win32 admins that will want to run the
>server with a high privilege account. Just sending a warning will permit
>this (say, when debugging etc, or if people are just too lazy to care),
>while clearly stating it's not a recommended way to do it.
>
>* The Unix check is directly in main.c. We cannot do this on win32,
>because at this stage we can only printf and exit. Win32 needs ereport.
>Consider when running as a service - before we have loaded up
>postgresql.conf and noticed we should write to the eventlog, we cannot
>inform the user in any way (stderr = /dev/null from a service by
>default). Therefore, the win32 check is in PostmasterMain. There might be
>a slightly better place to put it, not 100% sure about that..
>
>
>The win32 specific code is mainly in the file security.c to go in
>src/backend/port/win32.
>
>
>//Magnus
>
>
>
> <<security.c>>  <<admin_warning.patch>>


--
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/
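
The set of identities raised in this thread (Administrators, Power Users, LocalSystem, Domain Admins) can be recognised by well-known SID, as in the following added example, which is not code from the patch or from either poster. It assumes the token's user and group SIDs are already available in string form (on Windows, from `GetTokenInformation` and `ConvertSidToStringSid`); the function names, flag names and sample SIDs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bit flags, one per high-privilege identity discussed in the thread. */
enum {
    HP_ADMINISTRATORS = 1, /* BUILTIN\Administrators  S-1-5-32-544 */
    HP_POWER_USERS    = 2, /* BUILTIN\Power Users     S-1-5-32-547 */
    HP_LOCALSYSTEM    = 4, /* NT AUTHORITY\SYSTEM     S-1-5-18 */
    HP_DOMAIN_ADMINS  = 8  /* S-1-5-21-<domain>-512 */
};

/* Classify one SID given in string form; returns 0 if not high-privilege. */
int classify_sid(const char *sid)
{
    const char *p, *last = NULL;
    int dashes = 0, digits = 0;

    if (strcmp(sid, "S-1-5-32-544") == 0) return HP_ADMINISTRATORS;
    if (strcmp(sid, "S-1-5-32-547") == 0) return HP_POWER_USERS;
    if (strcmp(sid, "S-1-5-18") == 0) return HP_LOCALSYSTEM;
    /* Domain Admins is domain-relative: three domain sub-authorities, RID 512. */
    if (strncmp(sid, "S-1-5-21-", 9) != 0) return 0;
    for (p = sid + 9; *p; p++) {
        if (*p == '-') {
            if (digits == 0) return 0;   /* empty sub-authority: malformed */
            dashes++; digits = 0; last = p;
        } else if (*p >= '0' && *p <= '9') digits++;
        else return 0;                   /* non-numeric: malformed */
    }
    return (dashes == 3 && strcmp(last + 1, "512") == 0) ? HP_DOMAIN_ADMINS : 0;
}

/* OR together the classes of the user SID and every group SID in a token. */
int classify_token(const char *const sids[], int n)
{
    int i, mask = 0;
    for (i = 0; i < n; i++) mask |= classify_sid(sids[i]);
    return mask;
}

int main(void)
{
    /* Constructed sample: a service running as LocalSystem. */
    const char *const svc[] = { "S-1-5-18", "S-1-1-0" };
    int mask = classify_token(svc, 2);
    if (mask) printf("WARNING: high-privilege account (mask 0x%x)\n", mask);
    return 0;
}
```

Matching on SIDs rather than on group names keeps the check independent of localized or renamed groups.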

