Thread: BUG #5752: installer does not give proper os privileges on folders

BUG #5752: installer does not give proper os privileges on folders

From

"Kasia Tuszynska"

Date:

12 November 2010, 23:27:48

The following bug has been logged online:

Bug reference:      5752
Logged by:          Kasia Tuszynska
Email address:      ktuszynska@esri.com
PostgreSQL version: 9.0.1
Operating system:   Windows 2008 R2 (64bit)
Description:        installer does not give proper os privileges on folders
Details:

Tested:
The one click Postgres 64bit installer for 9.0.0 and 9.0.1

Tested on:
windows 2008 64bit
windows 2008 R2 - which is only 64bit
UAC was turned off
password strength was disabled

Problem: crying to create a tablespace gives error: could not set
permissions on directory C:\.....\tablespace_name" Permission denied

work around: grant the users group full control privileges on the tablespace
folder

Locations tried:
under the data folder - failed with permissions denied
under the C drive - failed with permissions denied

ways of creating ta tablespace, tried:
programatically calling a postgres function
creating folder manually, using pgAdminiii for tbsp creation
creating folder manually, using psql to create the tablespace

Compared the result:
pg 8.3.8 msi on win2003 32bit, win 2008 R2
to
pg 9.0.0 and 9.0.1 one click installer on win 2008 R2

I compared the privileges granted on the PostgreSQL, 8.3/9.0, data and
tablespace folders and found the following differences:
PostgreSQL folder - same privs given by both versions

Privs present on the 8.3.8 folder but missing on the 9.0 folder
deny  postgres special
allow postgers read&execute
- all others are the same between both versions

Priv differences on the data folder
8.3.8 had:
allow  postgres  modify not inherited this folder and subfolders

9.0 had:
allow postgres special  not inherited this folder only
allow kasia    special  not inherited this folder only
- all others are the same between both versions

Privs listed on the folder data\tablespace_name
8.3.8:
allow trustedinstaller special  - appears twice
allow system           special  - appears twice
allow administrators   special  - appears twice
allow users            special  - appears twice
allow creator owner    special
allow postgres         modify this folder, subfolders

9.0:
allow trustedinstaller special
allow system           full control
allow administrators   full control
allow users            read&write
allow creator owner    special

Conclusion: postgres os user and the users windows group are missing
privileges on folders granted inside the data folder layed down by the
postgres 9.0 one click installer.

Re: BUG #5752: installer does not give proper os privileges on folders

From

Dave Page

Date:

21 December 2010, 10:53:31

Apologies for the delay in replying.

On Sat, Nov 13, 2010 at 1:27 AM, Kasia Tuszynska <ktuszynska@esri.com> wrot=
e:
>
> The following bug has been logged online:
>
> Bug reference: =A0 =A0 =A05752
> Logged by: =A0 =A0 =A0 =A0 =A0Kasia Tuszynska
> Email address: =A0 =A0 =A0ktuszynska@esri.com
> PostgreSQL version: 9.0.1
> Operating system: =A0 Windows 2008 R2 (64bit)
> Description: =A0 =A0 =A0 =A0installer does not give proper os privileges =
on folders
> Details:
>
> Tested:
> The one click Postgres 64bit installer for 9.0.0 and 9.0.1
>
> Tested on:
> windows 2008 64bit
> windows 2008 R2 - which is only 64bit
> UAC was turned off
> password strength was disabled
>
> Problem: crying to create a tablespace gives error: could not set
> permissions on directory C:\.....\tablespace_name" Permission denied
>
> work around: grant the users group full control privileges on the tablesp=
ace
> folder

We've been unable to reproduce this issue, either on Windows Server,
or Windows 7. When the installer sets the permissions on the data
directory, it does so on the top level, recursively. Because of this,
I would expect operations like CREATE DATABASE to suffer from similar
issues, as the permissions on all subdirectories should be the same.

As I type this however, I wonder if the issue you are seeing is not
that the link between the data directory and the desired tablespace
directory cannot be created, but that Postgres cannot write to the
tablespace directory that you've created. You need to create the
tablespace something like this:

- Create the new tablespace directory, eg. c:\test
- Grant full control on c:\test to the PostgreSQL service account
(usually postgres)
- Create the tablespace in psql or pgAdmin.

Are you missing the second step perhaps?

--=20
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company