Thread: Win32 Question about the right level for the account that PostgreSQL is installed under...

Sorry to be such a pest.  Since an administrator will get this error:

creating template1 database in u:/msys/1.0/local/pgsql/data/base/1 ...
execution of PostgreSQL by a user with administrative permissions is not
permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
child process was terminated by signal 1
initdb.exe: failed

What is the highest safe level to do the installation under Win32?


grep "administrative permissions" *.html
In the pgsql/doc/html directory turns up nothing.

Administrator all seems to be linked to database administrator:


So when it says: "See the documentation for more information on how to
properly start the server."

It might be nice to have the actual document and page for nitwits like
me to be able to find it.

> -----Original Message-----
> From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Dann Corbit
> Sent: Wednesday, September 01, 2004 2:18 PM
> To: PostgreSQL-development
> Subject: [HACKERS] Win32 Question about the right level for
> the account that PostgreSQL is installed under...
>
>
> Sorry to be such a pest.  Since an administrator will get this error:
>
> creating template1 database in
> u:/msys/1.0/local/pgsql/data/base/1 ... execution of
> PostgreSQL by a user with administrative permissions is not
> permitted. The server must be started under an unprivileged
> user ID to prevent possible system security compromise.  See
> the documentation for more information on how to properly
> start the server. child process was terminated by signal 1
> initdb.exe: failed
>
> What is the highest safe level to do the installation under Win32?


On Wed, Sep 01, 2004 at 02:31:27PM -0700, Dann Corbit wrote:
> grep "administrative permissions" *.html
> In the pgsql/doc/html directory turns up nothing.

I think the relevant documentation should be here:

http://developer.postgresql.org/docs/postgres/runtime.html

Note that it talks about a Unix user account but there's nothing about a
Windows user account.  This is a documentation bug.

> So when it says: "See the documentation for more information on how to
> properly start the server."
> 
> It might be nice to have the actual document and page for nitwits like
> me to be able to find it.

Maybe the message should be more specific on what part of the manual
they'd like you to read.  Before you can read it, though, it has to be
written ...

-- 
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
FOO MANE PADME HUM



> Sorry to be such a pest.  Since an administrator will get this error:
>
> creating template1 database in u:/msys/1.0/local/pgsql/data/base/1 ...
> execution of PostgreSQL by a user with administrative
> permissions is not permitted.
> The server must be started under an unprivileged user ID to
> prevent possible system security compromise.  See the
> documentation for more information on how to properly start
> the server.
> child process was terminated by signal 1
> initdb.exe: failed
>
> What is the highest safe level to do the installation under Win32?

Must *not* be a member of the Administrators local group or any group
which nests into this group (this includes, of course, Domain Admins,
but may include other groups depending on your setup).
Must *not* be a member of the Power Users local group or any group which
nests into this group.

That's all we check.

Don't grant it unnecessary privileges either, but that's generally not
done by default in most setups. It needs log in as a service outside the
normal ones, but no others. If you run as service. Otherwise, just log
on locally for you to runas to it.

Yes, this needs to go into the documentation :-(

//Magnus
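
One way to check an account against the two group rules in the reply above before running initdb, as an added example (not code from the thread or from PostgreSQL). It parses the output of `whoami /groups /fo csv`, run as the account in question, whose token already lists local groups reached through nested domain groups; the function name and the sample data are constructed for illustration.

```python
import csv
import io
import subprocess
import sys

# Well-known SIDs of the two local groups named in the reply above. Matching
# on the SID also works on localized Windows, where the group names differ.
BLOCKED_SIDS = {"S-1-5-32-544": "Administrators", "S-1-5-32-547": "Power Users"}


def privileged_groups(whoami_csv):
    """Return (name, sid, deny_only) for each blocked group listed in the token."""
    hits = []
    for row in csv.reader(io.StringIO(whoami_csv)):
        if len(row) < 4 or row[2] not in BLOCKED_SIDS:
            continue  # blank line, header row, or a group that is not blocked
        hits.append((row[0], row[2], "deny only" in row[3].lower()))
    return hits


# Constructed sample: a domain user who reaches local Administrators only
# through a nested domain group (the domain SID is made up).
SAMPLE_NESTED_ADMIN = r'''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"EXAMPLE\Domain Admins","Group","S-1-5-21-1111111111-2222222222-3333333333-512","Mandatory group, Enabled by default, Enabled group"
'''

# Constructed sample: a plain local account of the kind the reply asks for.
SAMPLE_SERVICE_ACCOUNT = r'''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
'''

if __name__ == "__main__":
    if sys.platform == "win32":
        # Run this as the account that will own the data directory.
        text = subprocess.run(["whoami", "/groups", "/fo", "csv"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_NESTED_ADMIN  # offline demonstration on other platforms
    found = privileged_groups(text)
    for name, sid, deny_only in found:
        note = " (deny-only in this token)" if deny_only else ""
        print(f"blocked group in token: {name} [{sid}]{note}")
    sys.exit(1 if found else 0)
```
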