We were initially logging out of the Windows GUI environment and back in
again to do the Windows builds. Discovering runas made the whole
process MUCH less painful. So far I haven't needed to use any advanced
features of sudo or runas; in my view either is easy to use for the
common
cases. I'll
On Tue, Nov 15, 2005 at 10:29:34PM +0100, Magnus Hagander wrote:
> You still lose in the nested group scenario.
>
> And whlie a privilege like backup/restore can be used to overwrite any
> file on the system, you must be able to execute arbitrary API calls to
> do that. Whereas with admin/poweruse
> > > Ah, now we are making progress. If there was a way to
> give up file
> > > access permissions so you could no longer write files to,
> say, the
> > > Windows System directory, this would go a long way to solving the
> > > issue. Currently, if the Postmaster runs as admin, anyone with
>
On Tue, Nov 15, 2005 at 10:15:01PM +0100, Magnus Hagander wrote:
> > Ah, now we are making progress. If there was a way to give up
> > file access permissions so you could no longer write files
> > to, say, the Windows System directory, this would go a long
> > way to solving the issue. Currentl
> > > For example, does the windows model allow you to say (without
> > > creating a new user): I irrevocably restrict my access to files
> > > owned by user X for this process *only*. Or to files under
> > > subdirectory Y. Or I irrevocably restrict my access to open new
> > > network sockets.
On Tue, Nov 15, 2005 at 08:43:06PM +0100, Magnus Hagander wrote:
> Ok. Didn't know that part about nonexistant ids.
Usernames are implementation details, if you ask to become user 38587,
the kernel doesn't check whether they exist. You just might not be able
to open any files anymore :)
> > For e
> > There is *NOTHING* wrong with the model in this case. It's the
> > specific implementation of the mdoel that is broken.
> > If you assign every user uid "0" in Unix, I beleive you'd
> get the same
> > problem as when you assign every user an admin on
> windows... Both are
> > equally stupi
On Tue, Nov 15, 2005 at 10:58:31AM -0600, Jim C. Nasby wrote:
> BTW, my point was that the reason many windows users run with admin
> rights is because windows doesn't provide a viable alternative (unlike
> OS X).
Err, sorry, hit send too soon. My point about OS X isn't meant to start
a flame war,
On Tue, Nov 15, 2005 at 11:39:37AM -0500, Rod Taylor wrote:
> > Well, a bigger issue is that windows makes things a lot more difficult
> > to do if you don't have admin on your account. Yes, there is runas, but
> > windows doesn't exactly foster people working from the command line. And
> > IIRC ru
On Tue, Nov 15, 2005 at 05:33:38PM +0100, Magnus Hagander wrote:
> There is *NOTHING* wrong with the model in this case. It's the specific
> implementation of the mdoel that is broken.
> If you assign every user uid "0" in Unix, I beleive you'd get the same
> problem as when you assign every user a
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rod Taylor
> Sent: 15 November 2005 16:40
> To: Jim C. Nasby
> Cc: Pollard, Mike; pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] Running PostGre on DVD
>
> >
> Well, a bigger issue is that windows makes things a lot more difficult
> to do if you don't have admin on your account. Yes, there is runas, but
> windows doesn't exactly foster people working from the command line. And
> IIRC runas isn't nearly as nice to use as sudo.
Couldn't the installer cre
> > > I don't understand why an user can't WILLINGLY (by EXPLICITLY
> > > setting an
> > > OPTION) allow a privileged administrator to run PostGre.
> >
> > Well, to start with, it increases the support costs of the
> product as
> > a whole to the community. Adding an option with severe security
On Tue, Nov 15, 2005 at 09:56:03AM -0500, Pollard, Mike wrote:
> a little painful to get to it. But at least by putting it into contrib,
> it may be useful to someone. Especially if the idea is to put a sample
Keep in mind that compiling something on windows is extremely painful
for most people.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: 15 November 2005 15:15
> To: Magnus Hagander
> Cc: pgsql-hackers@postgresql.org
> Subject: Réf. : RE: [HACKERS] Running PostGre on DVD
On Tue, Nov 15, 2005 at 08:10:40AM -0800, Stephan Szabo wrote:
> On Tue, 15 Nov 2005 [EMAIL PROTECTED] wrote:
>
> > I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
> > OPTION) allow a privileged administrator to run PostGre.
>
> Well, to start with, it increases the suppo
Andrew, I'm getting a bit angry (and I'm sorry for that) because I think
the performances of Postgres are better than Firebird and I'm frustrated to
have to compile it whereas it would be simpler for everybody to have an
option.
It seem to be impossible though, I will use Firebird.
Thanks for
On Tue, 15 Nov 2005 [EMAIL PROTECTED] wrote:
> I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
> OPTION) allow a privileged administrator to run PostGre.
Well, to start with, it increases the support costs of the product as a
whole to the community. Adding an option with
On 11/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
> OPTION) allow a privileged administrator to run PostGre.
> It is a MAJOR problem for me, that will force me to use another database
> because my database will be on
NO, it won't reduce everybody's security.
You obviously don't understand what I'm trying to say.
It would NOT be the default option. The user could just choose by
SPECIFYING it, that PostGre don't control the privileged he has.
This discussion is amazing. Without this option, I CANNOT use Po
I don't understand why an user can't WILLINGLY (by EXPLICITLY setting an
OPTION) allow a privileged administrator to run PostGre.
It is a MAJOR problem for me, that will force me to use another database
because my database will be on a DVD and I'm not sure that on the PC on
which it will be ex
On Tue, Nov 15, 2005 at 04:01:24PM +0100, Andreas Joseph Krogh wrote:
> > The example given in this thread certainly isn't going to change
> > anybody's mind. "Hi, I propose reducing everybody's security because
> > my local admins insist on an utterly brain-dead security policy."
>
> Tom, nobody
On Tuesday 15 November 2005 03:37 pm, Tom Lane wrote:
> "Magnus Hagander" <[EMAIL PROTECTED]> writes:
> >> To be honest, the fact that Postgres forces you to run as a
> >> non-admin user has given me nothing but headaches. (yes, I
> >> know, the problem is defaulting everyone to admin rights is
>
> > This has been proposed before, and always rejected. While you're
> > always welcome to provide a patch, I'm very doubtful it would be
> > accepted into the main product.
>
> The example given in this thread certainly isn't going to change
anybody's mind.
> "Hi, I propose reducing everybody'
>
> The example given in this thread certainly isn't going to change
> anybody's mind. "Hi, I propose reducing everybody's security because
> my local admins insist on an utterly brain-dead security policy."
>
What's wrong with that? ;)
But seriously, the proposal is not to reduce everybody's s
"Magnus Hagander" <[EMAIL PROTECTED]> writes:
>> To be honest, the fact that Postgres forces you to run as a
>> non-admin user has given me nothing but headaches. (yes, I
>> know, the problem is defaulting everyone to admin rights is
>> the problem. But that's where I am). I have been kicking
On Tuesday 15 November 2005 03:05 pm, Magnus Hagander wrote:
> > > I explain myself about running PostGre as admin.
> > >
> > > In fact I don't want specifically run PostGre as admin. The problem
> >
> > is, on
> >
> > > the computers the application including PostGre will run,
> >
> > I'm not sure
> > I explain myself about running PostGre as admin.
> >
> > In fact I don't want specifically run PostGre as admin. The problem
> is, on
> > the computers the application including PostGre will run,
> I'm not sure
> > that the user won't have any admin or power user rights.
> Furthermore,
> >
> -Original Message-
> From: Magnus Hagander [mailto:[EMAIL PROTECTED]
> Sent: 15 November 2005 13:45
> To: Dave Page; Martijn van Oosterhout
> Cc: Andreas Joseph Krogh; pgsql-hackers@postgresql.org
> Subject: RE: [HACKERS] Running PostGre on DVD
>
> > >
On Tuesday 15 November 2005 02:16 pm, Pollard, Mike wrote:
> > I explain myself about running PostGre as admin.
> >
> > In fact I don't want specifically run PostGre as admin. The problem
>
> is, on
>
> > the computers the application including PostGre will run, I'm not sure
> > that
> > the user w
> > Yes. And this is a good thing! :-)
> > There is no reason a normal user should be able to run a service
> > process. And services should normally have dedicated accounts, and
> > there is no reason you should ever need to log in as that account
> > interactively.
>
> Yes there is, to setup
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Magnus Hagander
> Sent: 15 November 2005 13:31
> To: Martijn van Oosterhout
> Cc: Andreas Joseph Krogh; pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] Running Pos
On Tuesday 15 November 2005 02:07 pm, Martijn van Oosterhout wrote:
> On Tue, Nov 15, 2005 at 01:51:04PM +0100, Magnus Hagander wrote:
> > Huh. The stated problem is that the low privilege account does *not*
> > have the required privilege (to log in).
> > Note that PostgreSQL doesn't really requir
> > Huh. The stated problem is that the low privilege account
> does *not*
> > have the required privilege (to log in).
> > Note that PostgreSQL doesn't really require "log on locally" for
> > anything other than initdb. So if you can initdb on a different box
> > and copy it there, or somehow
> I explain myself about running PostGre as admin.
>
> In fact I don't want specifically run PostGre as admin. The problem
is, on
> the computers the application including PostGre will run, I'm not sure
> that
> the user won't have any admin or power user rights. Furthermore, I've
> noticed that o
On Tue, Nov 15, 2005 at 01:51:04PM +0100, Magnus Hagander wrote:
> Huh. The stated problem is that the low privilege account does *not*
> have the required privilege (to log in).
> Note that PostgreSQL doesn't really require "log on locally" for
> anything other than initdb. So if you can initdb on
> > > Why do you need to run PostgreSQL as admin? There
> shouldn't be any
> > > need for this.
> >
> > Actually I've run into a scenario where this was needed. I'm not a
> > Windows expert, so there might be some way to get around this:
> >
> > I have a localadmin account on the workstation(w
On Tue, Nov 15, 2005 at 09:19:23AM +0100, Andreas Joseph Krogh wrote:
> On Tuesday 15 November 2005 12:29 am, Jim C. Nasby wrote:
> > Why do you need to run PostgreSQL as admin? There shouldn't be any need
> > for this.
>
> Actually I've run into a scenario where this was needed. I'm not a Windows
On Tuesday 15 November 2005 12:29 am, Jim C. Nasby wrote:
> Why do you need to run PostgreSQL as admin? There shouldn't be any need
> for this.
Actually I've run into a scenario where this was needed. I'm not a Windows
expert, so there might be some way to get around this:
I have a localadmin ac
I explain myself about running PostGre as admin.
In fact I don't want specifically run PostGre as admin. The problem is, on
the computers the application including PostGre will run, I'm not sure that
the user won't have any admin or power user rights. Furthermore, I've
noticed that on certain
Why do you need to run PostgreSQL as admin? There shouldn't be any need
for this.
Someone has done a PostgreSQL demo CD, I believe based on Knoppix.
The list archives will probably have more info.
On Mon, Nov 14, 2005 at 11:29:10AM +0100, [EMAIL PROTECTED] wrote:
> Hi everybody,
>
> My questions
Hi everybody,
My questions may seem kind of odd.
I would like to run PostGreSQL on a DVD (database on the DVD and if
possible executable on DVD too) on windows.
I want no installation at all, so I took the no install package.
The problem is the need of creating a non-admin user to run PostGr
42 matches
Mail list logo
