Re: Bug with initDB under windows 2003 - Mailing list pgsql-hackers

Hi Magnus,<br />  <br /> After trying to unlock the nul device using:<br />
 Subinacl /service NULL /grant="authenticated users"=QSEILU<br/>  <br /><font color="#ff0000">It doesn't solve the
problem(even after restating the machine) </font><br />  <br /> Here is the new output from running
"Subinacl /service NULL"after the change<br />  <br /> For Administrator:<br />  <br /><br />==============<br
/>+ServiceNULL<br />==============<br />/control=0x0<br />/owner             =system<br />/primary group     =system<br
/>/auditace count   =1<br />/aace =everyone         SYSTEM_AUDIT_ACE_TYPE-0x2<br />       
FAILED_ACCESS_ACE_FLAG-<font>0x80</font>   FAILED_ACCESS_ACE_FLAG-0x0x80<br />        SERVICE_ALL_ACCESS<br />/perm.
acecount   =6<br />/pace =system   ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br />       
SERVICE_QUERY_CONFIG-0x1          SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8<br />       
SERVICE_START-0x10                SERVICE_STOP-0x20                  SERVICE_PAUSE_CONTINUE-0x40        SERVICE<br
/>_INTERROGATE-0x80<br/>        READ_CONTROL-0x20000               SERVICE_USER_DEFINED_CONTROL-0x0100<br />/pace
=builtin\administrators  ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br />        SERVICE_ALL_ACCESS<br />/pace
=interactive     ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br />        SERVICE_QUERY_CONFIG-0x1          
SERVICE_QUERY_STATUS-0x4          SERVICE_ENUMERATE_DEPEND-0x8<br />       
SERVICE_INTERROGATE-<font>0x80</font>          READ_CONTROL-0x20000              
SERVICE_USER_DEFINED_CONTROL-0x0100<br/>/pace =service  ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br />       
SERVICE_QUERY_CONFIG-0x1          SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8<br />       
SERVICE_INTERROGATE-<font>0x80</font>          READ_CONTROL-0x20000              
SERVICE_USER_DEFINED_CONTROL-0x0100<br/>/pace =builtin\power users      ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br
/>       SERVICE_QUERY_CONFIG-0x1           SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8<br
/>       SERVICE_START-0x10                 SERVICE_STOP-0x20                  SERVICE_PAUSE_CONTINUE-0x40       
SERVICE<br/>_INTERROGATE-0x80<br />        READ_CONTROL-0x20000               SERVICE_USER_DEFINED_CONTROL-0x0100<br
/>/pace=authenticated users      ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br />       
SERVICE_QUERY_CONFIG-0x1          SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8<br />       
SERVICE_INTERROGATE-<font>0x80</font>          READ_CONTROL-0x20000              
SERVICE_USER_DEFINED_CONTROL-0x0100<br/><br />Elapsed Time: 00 00:00:00<br />Done:        1, Modified        0,
Failed       0, Syntax errors        0<br />Last Done  : NULL<br /><br /><br />Anyway,<br /> It obvious that it some
kindof permission issue, but even if this command would have solved the problem it is still mean that the installer
shellrun that command  before calling to <font>initDB, in order to</font> validate that the user can run the initDB (as
itwritten today), Or adding limitation\Warning to the user for known issue and suggest the workaround device,<br /> Or
<br/> Changing the initDB code that it should test the nul device permission before forwarding output to there<br />
Or<br/> Fix the code as I suggested (but unfortunately rejected by Tom).<br />  <br /> Regards<br /> Dror<br /><br
/><br/><hr id="stopSpelling" /><br /> > Subject: RE: [HACKERS] Bug with initDB under windows 2003<br />> Date:
Mon,21 Aug 2006 13:26:11 +0200<br />> From: mha@sollentuna.net<br />> To: dror_b@hotmail.com;
kleptog@svana.org<br/>> CC: pgsql-hackers@postgresql.org<br />> <br />>
> > I'd be interested in seeing the output from the command:<br/>> > > Subinacl /service NULL<br />>
> ><br/>> > > On a system where this does not work.<br />> > ><br />> > <br />>
> Here is the output for "Subinacl /service NULL"<br/>>
> Both, for the Administrator user and for the Postgres user:<br/>> <br />> Thanks.<br />> <br />> <br
/>>> Postgres user:<br />> > >Subinacl /service NULL<br />>
> SeSecurityPrivilege : Access is denied.<br/>>
> WARNING :Unable to set SeSecurityPrivilege privilege. This<br/>> > privilege may be required.<br />>
> Error OpenSCManager : Access is denied.<br/>> <br />>
That's quite normal - the postgres user doesn't have permission to open<br/>>
the SC Manager to view the permissions, because it's not a Power User.<br/>> <br />> <br />>
> Administrator user:<br/>> <br />> This is good. It shows one very clear difference from what I have on a<br
/>>working system, which is:<br />> <br />>
> /pace =authenticated users      ACCESS_ALLOWED_ACE_TYPE-0x0<br/>>
>         SERVICE_USER_DEFINED_CONTROL-0x0100<br/>> <br />> On my system, I have:<br />>
/pace =authenticated users      ACCESS_ALLOWED_ACE_TYPE-0x0<br/>>
        SERVICE_QUERY_CONFIG-0x1           SERVICE_QUERY_STATUS-0x4<br/>> <br />>
        SERVICE_ENUMERATE_DEPEND-0x8<br/>>         SERVICE_INTERROGATE-0x80           READ_CONTROL-0x20000<br />>
<br/>>         SERVICE_USER_DEFINED_CONTROL-0x0100<br />> <br />> <br />> <br />>
So this is the problem. Now to figure out how to fix it :-) From what I<br/>>
can tell it simply needs to add back the missing ACE flags. This command<br/>>
hopefully should work (not tested apart from the syntax, since I don't<br/>>
have a good testig place, but  please try it and if it doesn't work see<br/>>
if you can figure out what to change):<br/>> <br />>
Subinacl /service NULL /grant="authenticated users"=QSEILU<br/>> <br />> <br />>
You need to run this as administrator of course, but it should hopefully<br/>> unlock the NUL device again.<br
/>><br />> //Magnus<br />> <br /><br /><br /><hr />Express yourself instantly with Windows Live Messenger! <a
href="http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=joinmsncom/messenger"
target="_new">WindowsLive Messenger!</a>