Re: [bug fix] pg_ctl fails with config-only directory
| От | Amit Kapila |
|---|---|
| Тема | Re: [bug fix] pg_ctl fails with config-only directory |
| Дата | |
| Msg-id | CAA4eK1+FPnqsd1TEYMU5A-msBmC73XezXogf0GFEAr_XQdt3mA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [bug fix] pg_ctl fails with config-only directory ("MauMau" <maumau307@gmail.com>) |
| Ответы |
Re: [bug fix] pg_ctl fails with config-only directory
|
| Список | pgsql-hackers |
On Thu, Dec 5, 2013 at 6:30 PM, MauMau <maumau307@gmail.com> wrote: > From: "Amit Kapila" <amit.kapila16@gmail.com> >> >> On Wed, Dec 4, 2013 at 7:57 PM, MauMau <maumau307@gmail.com> wrote: >>> >> >> Approach-2 has been discussed previously to resolve it and it doesn't seem >> to be >> a good way to handle it. Please refer link: >> http://www.postgresql.org/message-id/1339601668-sup-4658@alvh.no-ip.org >> >> You can go through that mail chain and see if there can be a better >> solution than Approach-2. > > > Thanks for the info. I understand your feeling, but we need to be > practical. I believe we should not leave a bug and inconvenience by > worrying about theory too much. In addition to the config-only directory, > the DBA with admin privs will naturally want to run "postgres -C" and > "postgres --describe-config", because they are useful and so described in > the manual. I don't see any (at least big) risk in allowing postgres > -C/--describe-config to run with admin privs. Today, I had again gone through all the discussion that happened at that time related to this problem and I found that later in discussion it was discussed something on lines as your Approach-2, please see the link http://www.postgresql.org/message-id/503A879C.6070703@dunslane.net > In addition, recent Windows > versions help to secure the system by revoking admin privs with UAC, don't > they? Disabling UAC is not recommended. > > I couldn't find a way to let postgres delete its token groups from its own > primary access token. There doesn't seem to be a reasonably clean and good > way. Wouldn't the other way to resolve this problem be reinvoke pg_ctl in non-restricted mode for the case in question? > So I had to choose approach 2. Please find attached the patch. This simple > and not-complex change worked well. I'd like to add this to 2014-1 > commitfest this weekend unless a better approach is proposed. I think it is important to resolve this problem, so please godhead and upload this patch to next CF. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: