pg_id and pg_encoding

Andrew Dunstan wrote:

Is there any reason to keep separate pg_id and pg_encoding programs, or
should they be merged into a C version of initdb? AFAICS initdb is the
only thing that uses them.

Yes, I assume they would go away with a C version.

We'll also need to decide the Windows equivalent of the 'don't run as
root' rule - or even if we want to enforce it at all, given that it
appears to be very common practice on Windows to run all services as a
user with Administrator privileges.

I assume we will relax that for Win32. I don't think non-Administrators
have the same isolation on Win32 as non-root users have on Unix.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Bruce Momjian wrote:

We'll also need to decide the Windows equivalent of the 'don't run as
root' rule - or even if we want to enforce it at all, given that it
appears to be very common practice on Windows to run all services as a
user with Administrator privileges.

I assume we will relax that for Win32. I don't think non-Administrators
have the same isolation on Win32 as non-root users have on Unix.

While it's best practice for *ix to work as non-root, many windows users
will be administrator-equivalent. The "Local System account" commonly
used to run services is even more privileged than the local admin. So
the restriction to non-admins won't make too much sense.

Regards,
Andreas

"Andreas Pflug" <pgadmin@pse-consulting.de> wrote:

Bruce Momjian wrote:

We'll also need to decide the Windows equivalent of the 'don't run as
root' rule - or even if we want to enforce it at all, given that it
appears to be very common practice on Windows to run all services as a
user with Administrator privileges.

I assume we will relax that for Win32. I don't think non-Administrators
have the same isolation on Win32 as non-root users have on Unix.

While it's best practice for *ix to work as non-root, many windows users
will be administrator-equivalent. The "Local System account" commonly
used to run services is even more privileged than the local admin. So
the restriction to non-admins won't make too much sense.

Work as non-root is a good practice for windows user too, I'll not bet
for the future that on windows all users will be "super user";
you can choose to start a service like a non super user too, I'd like to
mantain the same policy on windows too.

Regards
Gaetano Mendola

Gaetano Mendola wrote:

Work as non-root is a good practice for windows user too, I'll not bet
for the future that on windows all users will be "super user";
you can choose to start a service like a non super user too, I'd like to
mantain the same policy on windows too.

We're talking about running services, and many admins probably run their
services with an admin group member account. User accounts *can*
selectively be given the needed privileges to run a service, but it's
quite tricky and documentation isn't too good about this.

Regards,
Andreas

On Sun, 2003-09-07 at 16:46, Bruce Momjian wrote:

Andrew Dunstan wrote:

Is there any reason to keep separate pg_id and pg_encoding programs, or
should they be merged into a C version of initdb? AFAICS initdb is the
only thing that uses them.

Yes, I assume they would go away with a C version.

I use both of them for the Debian packaging, to try to ensure that
upgrading goes seamlessly.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13