Running PostGre on DVD

Why do you need to run PostgreSQL as admin? There shouldn't be any need
for this.

Someone has done a PostgreSQL demo CD, I believe based on Knoppix.
The list archives will probably have more info.

On Mon, Nov 14, 2005 at 11:29:10AM +0100, eric.leguillier@mpsa.com wrote:

Hi everybody,

My questions may seem kind of odd.

I would like to run PostGreSQL on a DVD (database on the DVD and if
possible executable on DVD too) on windows.
I want no installation at all, so I took the no install package.

The problem is the need of creating a non-admin user to run PostGre, I
would like to know if there is an option to parameter PostGre to accept
WILLINGLY that an administrator user can run it. If there isn't, it would
be a great idea to add such a parameter.

Secondly, I would like to run PostGre having only read permission on the
data directory (which would be on the DVD...). Is it possible? If not, can
it be added (add of a 'read-only' option).

Thanks in advance for your help.

Regards,

Eric LEGUILLIER

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

On Tuesday 15 November 2005 12:29 am, Jim C. Nasby wrote:

Why do you need to run PostgreSQL as admin? There shouldn't be any need
for this.

Actually I've run into a scenario where this was needed. I'm not a Windows
expert, so there might be some way to get around this:

I have a localadmin account on the workstation(which is a member of a domain).
As this localadmin(with full local administrative privileges) I created a
local user "postgres" to run PostgreSQL as. The problem was that the policy
for the domain the machine was a member of(which obviously overrides local
settings) prevented this new local user to have "local login" privileges.
Therefore I couldn't create a user to run the postmaster as. I was "stuck"
with my admin-user, which I was not able to start PG as. This was quite
frustrating as I really wanted to install Tomcat+PG to run a demo-webapp for
a customer on one of their machines. There really should be an option for
"Yes, I really want to run PG as a user with Administrator-privileges on
Windows. I promiss not to bug -hacker about any potential security-problems I
might experience".

--
Andreas Joseph Krogh <andreak@officenet.no>
Senior Software Developer / Manager
gpg public_key: http://dev.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Hoffsveien 17 | know how to do a thing and to watch |
PO. Box 425 Skøyen | somebody else doing it wrong, without |
0213 Oslo | comment. |
NORWAY | |
Phone : +47 22 13 01 00 | |
Direct: +47 22 13 10 03 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+

I explain myself about running PostGre as admin.

In fact I don't want specifically run PostGre as admin. The problem is, on
the computers the application including PostGre will run, I'm not sure that
the user won't have any admin or power user rights. Furthermore, I've
noticed that on certain domains, any user created is automatically added to
a default group having power user rights (that is actually happening to
me).
It causes I cannot run PostGre because on my domain, because any user
created is added to such a default group. That's why adding a parameter for
willingly authorize an user with special rights to run the application
would be great for me.

Regards,

Eric LEGUILLIER

Why do you need to run PostgreSQL as admin? There shouldn't be any need
for this.

Someone has done a PostgreSQL demo CD, I believe based on Knoppix.
The list archives will probably have more info.

On Mon, Nov 14, 2005 at 11:29:10AM +0100, eric.leguillier@mpsa.com wrote:

Hi everybody,

My questions may seem kind of odd.

I would like to run PostGreSQL on a DVD (database on the DVD and if
possible executable on DVD too) on windows.
I want no installation at all, so I took the no install package.

The problem is the need of creating a non-admin user to run PostGre, I
would like to know if there is an option to parameter PostGre to accept
WILLINGLY that an administrator user can run it. If there isn't, it would
be a great idea to add such a parameter.

Secondly, I would like to run PostGre having only read permission on the
data directory (which would be on the DVD...). Is it possible? If not,

can

it be added (add of a 'read-only' option).

Thanks in advance for your help.

Regards,

Eric LEGUILLIER

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

On Tue, Nov 15, 2005 at 09:19:23AM +0100, Andreas Joseph Krogh wrote:

On Tuesday 15 November 2005 12:29 am, Jim C. Nasby wrote:

Why do you need to run PostgreSQL as admin? There shouldn't be any need
for this.

Actually I've run into a scenario where this was needed. I'm not a Windows
expert, so there might be some way to get around this:

I have a localadmin account on the workstation(which is a member of a domain).
As this localadmin(with full local administrative privileges) I created a
local user "postgres" to run PostgreSQL as. The problem was that the policy
for the domain the machine was a member of(which obviously overrides local
settings) prevented this new local user to have "local login" privileges.

Typical windows, can't give up admin priveliges even if you want to.

All jokes aside, doesn't "runas" allow you to start a program as
another user? Although the web seems to imply you have to be running a
special service to have multiple accounts running simultaneously. Talk
about bolt-on security.

<snip>

There really should be an option for
"Yes, I really want to run PG as a user with Administrator-privileges on
Windows. I promiss not to bug -hacker about any potential security-problems I
might experience".

This is free software. Nothing is stopping you from downloading the
source, disabling the check and posting it as:

Safety Free PostgreSQL - The PostgreSQL that runs everywhere and lets
you do anything, including trash your machine on demand.

There's just no reason for it to be an official PostgreSQL Development
Group product.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/

Why do you need to run PostgreSQL as admin? There

shouldn't be any

need for this.

Actually I've run into a scenario where this was needed. I'm not a
Windows expert, so there might be some way to get around this:

I have a localadmin account on the workstation(which is a

member of a domain).

As this localadmin(with full local administrative privileges) I
created a local user "postgres" to run PostgreSQL as. The

problem was

that the policy for the domain the machine was a member of(which
obviously overrides local
settings) prevented this new local user to have "local

login" privileges.

Typical windows, can't give up admin priveliges even if you want to.

Huh. The stated problem is that the low privilege account does *not*
have the required privilege (to log in).
Note that PostgreSQL doesn't really require "log on locally" for
anything other than initdb. So if you can initdb on a different box and
copy it there, or somehow get the permissions temporarily, the server
will workf ine. The server only requires "Log in as a service".

The best way to fix it is of course if you can have the domain guys
grant your local account the login locally right. If not, perhaps they
can set you up with a low-priv domain account to run the service under?
(I assume you are not the domain admin guy, or this would have already
been fixed...)

If the security is set up so that you can use a local *admin* acconut
but not a local *nonadmin* accuont, then your domain people really need
to look over their security policies, because they are very very broken
indeed.

All jokes aside, doesn't "runas" allow you to start a program
as another user?

It does, but this still requires that this user have the right to log
in, which is the problem in this case it seems.

/Magnus

On Tue, Nov 15, 2005 at 01:51:04PM +0100, Magnus Hagander wrote:

Huh. The stated problem is that the low privilege account does *not*
have the required privilege (to log in).
Note that PostgreSQL doesn't really require "log on locally" for
anything other than initdb. So if you can initdb on a different box and
copy it there, or somehow get the permissions temporarily, the server
will workf ine. The server only requires "Log in as a service".

Sorry, my understanding of Windows permissions is hazy at times. You
have permission to create users, but not permission to run programs as
the user you created (because you need to "login"). And there is a
distinction between running as a service and running as a program(?!).

So I think my statement is correct that the above user cannot run
programs as anything other than administrator privelidges. Like you
said, if he could, this discussion would be moot.

If the security is set up so that you can use a local *admin* acconut
but not a local *nonadmin* accuont, then your domain people really need
to look over their security policies, because they are very very broken
indeed.

That was the way I read it and I agree, that's a very broken way to set
things up.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/

I explain myself about running PostGre as admin.

In fact I don't want specifically run PostGre as admin. The problem

is, on

the computers the application including PostGre will run, I'm not sure
that
the user won't have any admin or power user rights. Furthermore, I've
noticed that on certain domains, any user created is automatically

added

to
a default group having power user rights (that is actually happening

to

me).

To be honest, the fact that Postgres forces you to run as a non-admin
user has given me nothing but headaches. (yes, I know, the problem is
defaulting everyone to admin rights is the problem. But that's where I
am). I have been kicking around the idea of posting a change to allow
you to run as admin, but in the meanwhile if you can build Postgres on
your machine, the fix is very easy. Go into src/backend/main/main.c and
find the line

if (pgwin32_is_admin())

and change it to

if (false && pgwin32_is_admin())

Mike Pollard
SUPRA Server SQL Engineering and Support
Cincom Systems, Inc

Huh. The stated problem is that the low privilege account

does *not*

have the required privilege (to log in).
Note that PostgreSQL doesn't really require "log on locally" for
anything other than initdb. So if you can initdb on a different box
and copy it there, or somehow get the permissions temporarily, the
server will workf ine. The server only requires "Log in as

a service".

Sorry, my understanding of Windows permissions is hazy at
times. You have permission to create users, but not
permission to run programs as the user you created (because
you need to "login").

Yes. If you set up your permissions in a really weird way, you can have
that.

And there is a distinction between
running as a service and running as a program(?!).

Yes. And this is a good thing! :-)
There is no reason a normal user should be able to run a service
process. And services should normally have dedicated accounts, and there
is no reason you should ever need to log in as that account
interactively.

//Magnus

On Tuesday 15 November 2005 02:07 pm, Martijn van Oosterhout wrote:

On Tue, Nov 15, 2005 at 01:51:04PM +0100, Magnus Hagander wrote:

Huh. The stated problem is that the low privilege account does *not*
have the required privilege (to log in).
Note that PostgreSQL doesn't really require "log on locally" for
anything other than initdb. So if you can initdb on a different box and
copy it there, or somehow get the permissions temporarily, the server
will workf ine. The server only requires "Log in as a service".

Sorry, my understanding of Windows permissions is hazy at times. You
have permission to create users, but not permission to run programs as
the user you created (because you need to "login"). And there is a
distinction between running as a service and running as a program(?!).

So I think my statement is correct that the above user cannot run
programs as anything other than administrator privelidges. Like you
said, if he could, this discussion would be moot.

If the security is set up so that you can use a local *admin* acconut
but not a local *nonadmin* accuont, then your domain people really need
to look over their security policies, because they are very very broken
indeed.

That was the way I read it and I agree, that's a very broken way to set
things up.

Have a nice day,

Broken or not, it's a setup I'm not in control over. And I'm certainly not the
guy to hack the "disable admin-security-check on windows" feature:-(

--
Andreas Joseph Krogh <andreak@officenet.no>
Senior Software Developer / Manager
gpg public_key: http://dev.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Hoffsveien 17 | know how to do a thing and to watch |
PO. Box 425 Skøyen | somebody else doing it wrong, without |
0213 Oslo | comment. |
NORWAY | |
Phone : +47 22 13 01 00 | |
Direct: +47 22 13 10 03 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+

On Tuesday 15 November 2005 02:16 pm, Pollard, Mike wrote:

I explain myself about running PostGre as admin.

In fact I don't want specifically run PostGre as admin. The problem

is, on

the computers the application including PostGre will run, I'm not sure
that
the user won't have any admin or power user rights. Furthermore, I've
noticed that on certain domains, any user created is automatically

added

to
a default group having power user rights (that is actually happening

to

me).

To be honest, the fact that Postgres forces you to run as a non-admin
user has given me nothing but headaches. (yes, I know, the problem is
defaulting everyone to admin rights is the problem. But that's where I
am). I have been kicking around the idea of posting a change to allow
you to run as admin, but in the meanwhile if you can build Postgres on
your machine, the fix is very easy. Go into src/backend/main/main.c and
find the line

if (pgwin32_is_admin())

and change it to

if (false && pgwin32_is_admin())

Thanks, I'll see if I can build PG on Windows now.

--
Andreas Joseph Krogh <andreak@officenet.no>
Senior Software Developer / Manager
gpg public_key: http://dev.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Hoffsveien 17 | know how to do a thing and to watch |
PO. Box 425 Skøyen | somebody else doing it wrong, without |
0213 Oslo | comment. |
NORWAY | |
Phone : +47 22 13 01 00 | |
Direct: +47 22 13 10 03 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+

-----Original Message-----
From: pgsql-hackers-owner@postgresql.org
[mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of
Magnus Hagander
Sent: 15 November 2005 13:31
To: Martijn van Oosterhout
Cc: Andreas Joseph Krogh; pgsql-hackers@postgresql.org
Subject: Re: [HACKERS] Running PostGre on DVD

Yes. And this is a good thing! :-)
There is no reason a normal user should be able to run a service
process. And services should normally have dedicated
accounts, and there
is no reason you should ever need to log in as that account
interactively.

Yes there is, to setup a MAPI profile for the service to use.

However I'd welcome it if you could prove that wrong with an easy way to
create a profile for a different user :-)

Regards, Dave.

Yes. And this is a good thing! :-)
There is no reason a normal user should be able to run a service
process. And services should normally have dedicated accounts, and
there is no reason you should ever need to log in as that account
interactively.

Yes there is, to setup a MAPI profile for the service to use.

However I'd welcome it if you could prove that wrong with an
easy way to create a profile for a different user :-)

Just don't use MAPI from a service. It was *NOT* made for doing that.
MAPI was created for a single user running a single-threaded app on a
single console.

There are plenty of other ways to get to your mail, that will actually
work :-)

//Magnus

-----Original Message-----
From: Magnus Hagander [mailto:mha@sollentuna.net]
Sent: 15 November 2005 13:45
To: Dave Page; Martijn van Oosterhout
Cc: Andreas Joseph Krogh; pgsql-hackers@postgresql.org
Subject: RE: [HACKERS] Running PostGre on DVD

Yes. And this is a good thing! :-)
There is no reason a normal user should be able to run a service
process. And services should normally have dedicated

accounts, and

there is no reason you should ever need to log in as that account
interactively.

Yes there is, to setup a MAPI profile for the service to use.

However I'd welcome it if you could prove that wrong with an
easy way to create a profile for a different user :-)

Just don't use MAPI from a service. It was *NOT* made for doing that.
MAPI was created for a single user running a single-threaded app on a
single console.

There are plenty of other ways to get to your mail, that will actually
work :-)

Better tell that to the SQL Server team then 'cos that's exactly how the
SQL Agent sends mail :-)

/D

I explain myself about running PostGre as admin.

In fact I don't want specifically run PostGre as admin. The problem

is, on

the computers the application including PostGre will run,

I'm not sure

that the user won't have any admin or power user rights.

Furthermore,

I've noticed that on certain domains, any user created is
automatically

added

to
a default group having power user rights (that is actually happening

to

me).

To be honest, the fact that Postgres forces you to run as a
non-admin user has given me nothing but headaches. (yes, I
know, the problem is defaulting everyone to admin rights is
the problem. But that's where I am). I have been kicking
around the idea of posting a change to allow you to run as
admin,

This has been proposed before, and always rejected. While you're always
welcome to provide a patch, I'm very doubtful it would be accepted into
the main product.

//Magnus

On Tuesday 15 November 2005 03:05 pm, Magnus Hagander wrote:

I explain myself about running PostGre as admin.

In fact I don't want specifically run PostGre as admin. The problem

is, on

the computers the application including PostGre will run,

I'm not sure

that the user won't have any admin or power user rights.

Furthermore,

I've noticed that on certain domains, any user created is
automatically

added

to
a default group having power user rights (that is actually happening

to

me).

To be honest, the fact that Postgres forces you to run as a
non-admin user has given me nothing but headaches. (yes, I
know, the problem is defaulting everyone to admin rights is
the problem. But that's where I am). I have been kicking
around the idea of posting a change to allow you to run as
admin,

This has been proposed before, and always rejected. While you're always
welcome to provide a patch, I'm very doubtful it would be accepted into
the main product.

Oracle allows you to run it as admin... Don't know about SQL Server...
My bet is PG will some day bite the bullet and allow this too as more and more
will use PG on Windows.

--
Andreas Joseph Krogh <andreak@officenet.no>
Senior Software Developer / Manager
gpg public_key: http://dev.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Hoffsveien 17 | know how to do a thing and to watch |
PO. Box 425 Skøyen | somebody else doing it wrong, without |
0213 Oslo | comment. |
NORWAY | |
Phone : +47 22 13 01 00 | |
Direct: +47 22 13 10 03 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+

"Magnus Hagander" <mha@sollentuna.net> writes:

To be honest, the fact that Postgres forces you to run as a
non-admin user has given me nothing but headaches. (yes, I
know, the problem is defaulting everyone to admin rights is
the problem. But that's where I am). I have been kicking
around the idea of posting a change to allow you to run as
admin,

This has been proposed before, and always rejected. While you're always
welcome to provide a patch, I'm very doubtful it would be accepted into
the main product.

The example given in this thread certainly isn't going to change
anybody's mind. "Hi, I propose reducing everybody's security because
my local admins insist on an utterly brain-dead security policy."

regards, tom lane

This has been proposed before, and always rejected. While you're
always welcome to provide a patch, I'm very doubtful it would be
accepted into the main product.

The example given in this thread certainly isn't going to change

anybody's mind.

"Hi, I propose reducing everybody's security because my local admins

insist on an

utterly brain-dead security policy."

I think there is still need for discussion in this area for typical
Windows desktop use.

1. You can run Windows without creating users at all.
2. You may be using a Windows box where you are not allowed to create a
user

To apply unix practices to Windows is imho not really practicable.
For example a Windows developer usually uses an account with
administrative privs
and thus cannot run "make check" from his account :-(

Andreas

The example given in this thread certainly isn't going to change
anybody's mind. "Hi, I propose reducing everybody's security because
my local admins insist on an utterly brain-dead security policy."

What's wrong with that? ;)

But seriously, the proposal is not to reduce everybody's security, just
make it an option for people that want to. I am not arguing that it is
a good idea/bad idea. In fact, the best thing to do may be to leave it
in contrib, so if someone thinks it will solve a problem, it is at least
a little painful to get to it. But at least by putting it into contrib,
it may be useful to someone. Especially if the idea is to put a sample
database onto a removable device. I suspect this is for some kind of
demo (if not, it could be used for one); you go to a prospects site, pop
the CD/DVD into their machine, and show off what your product can do for
them. In that case, you may have no control over the permissions on the
machine, and you certainly do not want to have to create and switch
users for a demo; you've just lost the customers interest.

Also, in my case, I'm running the debugger and profiler against Postgres
on my Windows machine. I find it much easier to throw out the admin
restriction, so I can just use my own account. I agree that my default
account should not have had full admin rights, but that is the way the
machine came. And yes, I should have immediately created a new user and
set myself up on that one. But come on, my old laptop was so old, and I
was so excited... sorry, TMI.

Mike Pollard
SUPRA Server SQL Engineering and Support
Cincom Systems, Inc

On Tuesday 15 November 2005 03:37 pm, Tom Lane wrote:

"Magnus Hagander" <mha@sollentuna.net> writes:

To be honest, the fact that Postgres forces you to run as a
non-admin user has given me nothing but headaches. (yes, I
know, the problem is defaulting everyone to admin rights is
the problem. But that's where I am). I have been kicking
around the idea of posting a change to allow you to run as
admin,

This has been proposed before, and always rejected. While you're always
welcome to provide a patch, I'm very doubtful it would be accepted into
the main product.

The example given in this thread certainly isn't going to change
anybody's mind. "Hi, I propose reducing everybody's security because
my local admins insist on an utterly brain-dead security policy."

Tom, nobody wants to reduce everybody's security, and nobody is proposing
changes leading to such. I just believe more than me agree that having this
as an option on Windows wouldn't hurt anybody, but would rather make life
simpler for some Windows people. Anyway, I don't use Windows on a regular
basis, so it's not that important to me...

--
Andreas Joseph Krogh <andreak@officenet.no>
Senior Software Developer / Manager
gpg public_key: http://dev.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Hoffsveien 17 | know how to do a thing and to watch |
PO. Box 425 Skøyen | somebody else doing it wrong, without |
0213 Oslo | comment. |
NORWAY | |
Phone : +47 22 13 01 00 | |
Direct: +47 22 13 10 03 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+