"Andreas Pflug" <pgadmin@pse-consulting.de> wrote:
> Bruce Momjian wrote:
>
> >>We'll also need to decide the Windows equivalent of the 'don't run as
> >>root' rule - or even if we want to enforce it at all, given that it
> >>appears to be very common practice on Windows to run all services as a
> >>user with Administrator privileges.
> >>
> >>
> >
> >I assume we will relax that for Win32. I don't think non-Administrators
> >have the same isolation on Win32 as non-root users have on Unix.
> >
> >
> While it's best practice for *ix to work as non-root, many windows users
> will be administrator-equivalent. The "Local System account" commonly
> used to run services is even more privileged than the local admin. So
> the restriction to non-admins won't make too much sense.
Work as non-root is a good practice for windows user too, I'll not bet
for the future that on windows all users will be "super user";
you can choose to start a service like a non super user too, I'd like to
mantain the same policy on windows too.
Regards
Gaetano Mendola