Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled - Mailing list pgsql-bugs

From Michael Paquier
Subject Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date
Msg-id CAB7nPqQhwM4WgMnm8cSxmGuxEYGt19-xQRtmhuezFs8Hrav8fQ@mail.gmail.com
Whole thread Raw
In response to Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
List pgsql-bugs
On Sat, Nov 7, 2015 at 4:09 PM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> On Fri, Nov 6, 2015 at 1:00 AM, Breen Hagan <breen@rtda.com> wrote:
>> Michael,
>
> (You should avoid top-posting, this breaks the logic of a thread).
>
>> I'm pretty sure your patch will fix my issue, but perhaps it should be a
>> positive check for SE_GROUP_ENABLED?
>
> If we want to be completely consistent with pgwin32_is_admin, that
> would be actually the opposite: Postgres should not start with an SID
> that has administrator's rights for security reasons.

SECURITY_SERVICE_RID and SECURITY_BUILTIN_DOMAIN_RID are completely
separated concepts... Please ignore that. Still, yeah, it seems that
you are right, we would want SE_GROUP_ENABLED to be enabled to check
if process can access the event logs. Thoughts from any Windows ninja
in the surroundings?
--
Michael

pgsql-bugs by date:

Previous
From: Michael Paquier
Date:
Subject: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Next
From: sumit_ghosh@persistent.co.in
Date:
Subject: BUG #13759: Getting error while installing through Stackbuilder 3.1.1