Re: win32 port
| От | zuhans@iname.com |
|---|---|
| Тема | Re: win32 port |
| Дата | |
| Msg-id | 40EFAD7B.8070802@iname.com обсуждение исходный текст |
| Ответ на | Re: win32 port (Martijn van Oosterhout <kleptog@svana.org>) |
| Список | pgsql-general |
hello martijn,
maybe there are good reasons for both opinions - yours and "nobodys" (btw not too good a name...):
when postgresql should be running in production-systems running the database as root would be suicide (maybe running on most windows-envirionments too...). so this should be prevented.
but: if i do "just" programming and i want to run postgresql besides my ide to create/test my wonderful programming ideas there should be just the ability to run postgresql with any user - even with root. otherwise i must login to my computer as special postgresql-user to run postgresql but maybe don't have all rights to work with my ide and other programming-tools.
so there should be an easy solution for both!
greetings
hans
Martijn van Oosterhout schrieb:
maybe there are good reasons for both opinions - yours and "nobodys" (btw not too good a name...):
when postgresql should be running in production-systems running the database as root would be suicide (maybe running on most windows-envirionments too...). so this should be prevented.
but: if i do "just" programming and i want to run postgresql besides my ide to create/test my wonderful programming ideas there should be just the ability to run postgresql with any user - even with root. otherwise i must login to my computer as special postgresql-user to run postgresql but maybe don't have all rights to work with my ide and other programming-tools.
so there should be an easy solution for both!
greetings
hans
Martijn van Oosterhout schrieb:
On Wed, Jul 07, 2004 at 02:01:57PM +0100, nobody wrote:To begin with I am not sure this is a correct place to post this, if not please let me know. The PostgreSQL traditionally refuses to run under root account on Unix (for security reasons). On win32 the situation is the same (it will not run if run under user belonging to administrator group). In my opinion this should not be the case on win32 as developers are likely to belong to the administrators group and might like to run the database under their account.Think carefully about this. If the DB runs with admin rights, you've just given any person who connects to the database full rights to read and write any file on disk. Look at the COPY IN/OUT command and the lo_import/export() functions. They run with the priveledges of the *backend* not the frontend. So any connecting user would be able to lo_import() any file on disk and then display it for perusal. This is why on unix it runs as it's own user. Then it can only read other people's world-readable files.I think that issuing a warning (pop up window) at the start-up of the postmaster would be enough, something like: "Starting under privileged account is considered unsafe. Please consider starting the database server under different user account."Eeeuw, pop-up windows for a database server. No doubt it should stop the database starting up waiting for someone to press OK. Very useful (*not*) if you want to start the database from a script on a remote machine. Have a nice day,
В списке pgsql-general по дате отправления: