pgsql: Enable pg_ctl to give up admin privileges when starting the

Started by Noname almost 20 years ago, 5 messages

#1 Noname
tgl@postgresql.org

Log Message:
-----------
Enable pg_ctl to give up admin privileges when starting the server under
Windows (if newer than NT4, else works same as before).

Magnus

Modified Files:
--------------
pgsql/src/bin/pg_ctl:
pg_ctl.c (r1.65 -> r1.66)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/bin/pg_ctl/pg_ctl.c.diff?r1=1.65&r2=1.66)

#2 Stephen Frost
sfrost@snowman.net
In reply to: Noname (#1)
Re: [COMMITTERS] pgsql: Enable pg_ctl to give up admin privileges when starting the

* Tom Lane (tgl@postgresql.org) wrote:
> Enable pg_ctl to give up admin privileges when starting the server under
> Windows (if newer than NT4, else works same as before).

I don't suppose we could consider doing this for Unix-based systems too?
I think it'd certainly be nice. It's also how quite a few other Unix
daemons operate.

Thanks,

Stephen

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Stephen Frost (#2)
Re: [COMMITTERS] pgsql: Enable pg_ctl to give up admin privileges when starting the

Stephen Frost <sfrost@snowman.net> writes:
> * Tom Lane (tgl@postgresql.org) wrote:
> > Enable pg_ctl to give up admin privileges when starting the server under
> > Windows (if newer than NT4, else works same as before).
>
> I don't suppose we could consider doing this for Unix-based systems too?
> I think it'd certainly be nice. It's also how quite a few other Unix
> daemons operate.

Why should we try to duplicate the functionality of "su"? And we would
have to largely duplicate it, not just change process UID.

I don't see the need for it anyway. The only reason this patch went in
at all is to compensate for the general level of ignorance of Windows
users...

regards, tom lane

#4 Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Tom Lane (#3)
Re: [COMMITTERS] pgsql: Enable pg_ctl to give up admin privileges

Tom Lane wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Tom Lane (tgl@postgresql.org) wrote:
> > > Enable pg_ctl to give up admin privileges when starting the server under
> > > Windows (if newer than NT4, else works same as before).
> >
> > I don't suppose we could consider doing this for Unix-based systems too?
> > I think it'd certainly be nice. It's also how quite a few other Unix
> > daemons operate.
>
> Why should we try to duplicate the functionality of "su"? And we would
> have to largely duplicate it, not just change process UID.
>
> I don't see the need for it anyway. The only reason this patch went in
> at all is to compensate for the general level of ignorance of Windows
> users...

But other Unix daemons do it, so why not us?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

#5 Andrew Dunstan
andrew@dunslane.net
In reply to: Bruce Momjian (#4)
Re: [COMMITTERS] pgsql: Enable pg_ctl to give up admin

Bruce Momjian wrote:
> Tom Lane wrote:
> > Stephen Frost <sfrost@snowman.net> writes:
> > > * Tom Lane (tgl@postgresql.org) wrote:
> > > > Enable pg_ctl to give up admin privileges when starting the server under
> > > > Windows (if newer than NT4, else works same as before).
> > >
> > > I don't suppose we could consider doing this for Unix-based systems too?
> > > I think it'd certainly be nice. It's also how quite a few other Unix
> > > daemons operate.
> >
> > Why should we try to duplicate the functionality of "su"? And we would
> > have to largely duplicate it, not just change process UID.
> >
> > I don't see the need for it anyway. The only reason this patch went in
> > at all is to compensate for the general level of ignorance of Windows
> > users...
>
> But other Unix daemons do it, so why not us?

Other Unix daemons typically do it when they need to do something at
startup like open a privileged port to listen on, or if they need to be
able to become other users. Postgres doesn't have anything that requires
root privilege in normal operation. How many times have security holes
been inadvertently opened because of this sort of privilege escalation?

Windows is different in a number of ways, including the high
inconvenience factor involved in running as a non-power user, and the
fact that Windows servers are typically single-purpose.

cheers

andrew
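
An added illustration, not part of the thread and not PostgreSQL code, of why giving up root on Unix takes more than changing the process UID: supplementary groups and the GID have to be reset first, and the result verified. The helper name `drop_privileges` and the target account `nobody` are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch from root to `user`.
 * Returns 1 if not running as root (nothing to drop), 0 on success,
 * -1 on failure (the caller should exit rather than continue as root). */
int drop_privileges(const char *user)
{
    if (geteuid() != 0)
        return 1;

    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                      /* unknown account, or it is root */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* Order matters: every step below needs root, so the UID goes last. */
    if (initgroups(pw->pw_name, gid) != 0)  /* replace root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)               /* as root: sets real, effective and saved UID */
        return -1;

    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0 || geteuid() == 0 || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    int rc = drop_privileges("nobody");   /* "nobody" is an assumed account */
    printf("rc=%d uid=%d gid=%d\n", rc, (int)getuid(), (int)getgid());
    return rc < 0;
}
```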