Thread: Re: [HACKERS] Fix for running from admin account on win32

Re: [HACKERS] Fix for running from admin account on win32

From: "Magnus Hagander"
> > Fine. I just wanted to make sure the decision was being made
> > in terms of logic, rather than Win32 cruft avoidance.  The previous
> > discussion was not clear on this point.
>
> I just came across another problem with this patch. It's not
> complete :(
>
> You can *run* postgresql fine with it, but you can't run
> initdb. Oops.
>
> I'll look at completing it with an update to initdb. There's nothing
> *wrong* with the patch that's in the queue now (that I know
> of, of course), so this is just an extension to it.

Attached is a patch for initdb only (the other patch stands unchanged).
It will make initdb re-exec itself with a restricted token when
available (since we can only control the security of subprocesses).

There's a bit of shared code with pg_ctl (but not all of the exec stuff,
because there is no need for a job object for initdb). I'm unsure if
it's worth putting something in src/port instead for it, so this version
doesn't.

//Magnus
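The re-exec-with-a-restricted-token idea described above, as an added illustration that is not the attached patch or any PostgreSQL code: the parent derives a restricted token from its own (privileges dropped, BUILTIN\Administrators deny-only), re-runs its own command line under that token, and uses a marker variable so the child does not re-exec again. The variable name PG_RESTRICT_EXEC and the return-code convention are this example's own assumptions; only the marker check is portable, the Win32 calls are compiled under _WIN32.

```c
#include <stdlib.h>
#include <string.h>
#define RESTRICT_GUARD_ENV "PG_RESTRICT_EXEC" /* assumed name: parent sets it for its child */
/* Portable guard: 1 if this process is already the restricted child (must not re-exec
 * again), 0 if it is the original, possibly elevated, parent. */
int already_restricted(const char *env_value)
{
    return env_value != NULL && strcmp(env_value, "1") == 0;
}
#ifdef _WIN32
#include <windows.h>
/* Derive a restricted token from our own: drop every droppable privilege and mark
 * BUILTIN\Administrators deny-only, so ACEs granting that group no longer apply. */
static HANDLE make_restricted_token(void)
{
    HANDLE orig, restricted = NULL;
    SID_IDENTIFIER_AUTHORITY nt = SECURITY_NT_AUTHORITY;
    SID_AND_ATTRIBUTES drop = { NULL, 0 };            /* Attributes 0: deny-only SID */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &orig))
        return NULL;
    if (AllocateAndInitializeSid(&nt, 2, SECURITY_BUILTIN_DOMAIN_RID,
            DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &drop.Sid)) {
        if (!CreateRestrictedToken(orig, DISABLE_MAX_PRIVILEGE, 1, &drop,
                                   0, NULL, 0, NULL, &restricted))
            restricted = NULL;
        FreeSid(drop.Sid);
    }
    CloseHandle(orig);
    return restricted;                                /* NULL if anything failed */
}
/* Re-run our own command line under the restricted token and wait for it. Returns the
 * child's exit code, -1 if no token could be made (caller decides whether to go on
 * unrestricted), or -2 if we already are the restricted child. */
int reexec_restricted(void)
{
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi;
    HANDLE tok;
    DWORD rc = (DWORD) -1;
    if (already_restricted(getenv(RESTRICT_GUARD_ENV))) return -2;
    if ((tok = make_restricted_token()) == NULL) return -1;
    SetEnvironmentVariableA(RESTRICT_GUARD_ENV, "1");  /* inherited by the child */
    if (CreateProcessAsUserA(tok, NULL, GetCommandLineA(), NULL, NULL, TRUE, 0,
                             NULL, NULL, &si, &pi)) {
        WaitForSingleObject(pi.hProcess, INFINITE);
        GetExitCodeProcess(pi.hProcess, &rc);
        CloseHandle(pi.hProcess); CloseHandle(pi.hThread);
    }
    CloseHandle(tok);
    return (int) rc;
}
#endif
```

On MinGW link with advapi32; a caller treats -2 as "do the real work now" and -1 as "no restricted token available, decide whether to continue unrestricted".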


Re: [HACKERS] Fix for running from admin account on win32

From: Tom Lane
"Magnus Hagander" <mha@sollentuna.net> writes:
> Attached is a patch for initdb only (the other patch stands unchanged).
> It will make initdb re-exec itself with a restricted token when
> available (since we can only control the security of subprocesses).

Applied to HEAD.

> There's a bit of shared code with pg_ctl (but not all of the exec stuff,
> because there is no need for a job object for initdb). I'm unsure if
> it's worth putting something in src/port instead for it, so this version
> doesn't.

I agree that it seems marginal at this point.  But if we find ourselves
adding the functionality anyplace else, you should probably factor out
the common code into a /port module.

            regards, tom lane