Thread: pg_id and pg_encoding
Is there any reason to keep separate pg_id and pg_encoding programs, or should they be merged into a C version of initdb? AFAICS initdb is the only thing that uses them. We'll also need to decide the Windows equivalent of the 'don't run as root' rule - or even if we want to enforce it at all, given that it appears to be very common practice on Windows to run all services as a user with Administrator privileges. cheers andrew
Andrew Dunstan wrote: > > Is there any reason to keep separate pg_id and pg_encoding programs, or > should they be merged into a C version of initdb? AFAICS initdb is the > only thing that uses them. Yes, I assume they would go away with a C version. > We'll also need to decide the Windows equivalent of the 'don't run as > root' rule - or even if we want to enforce it at all, given that it > appears to be very common practice on Windows to run all services as a > user with Administrator privileges. I assume we will relax that for Win32. I don't think non-Administrators have the same isolation on Win32 as non-root users have on Unix. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
Bruce Momjian wrote: >>We'll also need to decide the Windows equivalent of the 'don't run as >>root' rule - or even if we want to enforce it at all, given that it >>appears to be very common practice on Windows to run all services as a >>user with Administrator privileges. >> >> > >I assume we will relax that for Win32. I don't think non-Administrators >have the same isolation on Win32 as non-root users have on Unix. > > While it's best practice for *ix to work as non-root, many windows users will be administrator-equivalent. The "Local System account" commonly used to run services is even more privileged than the local admin. So the restriction to non-admins won't make too much sense. Regards, Andreas
"Andreas Pflug" <pgadmin@pse-consulting.de> wrote: > Bruce Momjian wrote: > > >>We'll also need to decide the Windows equivalent of the 'don't run as > >>root' rule - or even if we want to enforce it at all, given that it > >>appears to be very common practice on Windows to run all services as a > >>user with Administrator privileges. > >> > >> > > > >I assume we will relax that for Win32. I don't think non-Administrators > >have the same isolation on Win32 as non-root users have on Unix. > > > > > While it's best practice for *ix to work as non-root, many windows users > will be administrator-equivalent. The "Local System account" commonly > used to run services is even more privileged than the local admin. So > the restriction to non-admins won't make too much sense. Work as non-root is a good practice for windows user too, I'll not bet for the future that on windows all users will be "super user"; you can choose to start a service like a non super user too, I'd like to mantain the same policy on windows too. Regards Gaetano Mendola
Gaetano Mendola wrote: > > >Work as non-root is a good practice for windows user too, I'll not bet >for the future that on windows all users will be "super user"; >you can choose to start a service like a non super user too, I'd like to >mantain the same policy on windows too. > > > We're talking about running services, and many admins probably run their services with an admin group member account. User accounts *can* selectively be given the needed privileges to run a service, but it's quite tricky and documentation isn't too good about this. Regards, Andreas
On Sun, 2003-09-07 at 16:46, Bruce Momjian wrote: > Andrew Dunstan wrote: > > > > Is there any reason to keep separate pg_id and pg_encoding programs, or > > should they be merged into a C version of initdb? AFAICS initdb is the > > only thing that uses them. > > Yes, I assume they would go away with a C version. I use both of them for the Debian packaging, to try to ensure that upgrading goes seamlessly. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "For whosoever shall call upon the name of the Lord shall be saved." Romans 10:13