Hi all,
I'm trying to set up pgsql for classroom instruction, which means I need
to allow students to connect to my machine, preferably with no OS-level
privileges and minimal database privileges. Setting up the database
roles looks straightforward enough, but I'm having trouble figuring out
how to secure the machine. In particular, the advice to run pgsql as an
unprivileged user seems very good, but all the official docs I can find
for doing so require su/sudo and useradd. Installing pgsql as a service
using the script in /etc/rc.d runs it as the SYSTEM user, which is
anything but unprivileged [1][2]; it seems like the LocalService or
NetworkService account [3] would be a much better choice.
The pgsql README in /usr/doc/cygwin contains no useful information on
the topic; there are lots of third-party pages offering "helpful" advice
for cygwin+pgsql, but we all know how reliable those are (especially
since the most recent one I can find dates from 2008).
Does anybody have some advice on how I might proceed? Note that I don't
actually need it to run as a Windows service, it's just that most docs I
can find seem to point that way. If it would be better to create a pgsql
account (perhaps with help from cygwin-service-installation-helper.sh),
I'd be happy to go that way as well.
Thanks in advance,
Ryan
[1] http://support.microsoft.com/kb/120929
[2]
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx
[3]
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686005%28v=vs.85%29.aspx
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
