From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Michael Paquier
> Meh. Local System accounts are used only by services (see comments of
> pgwin32_is_service), so I'd expect pgwin32_is_service() to return true in
> this case, contrary to what your v5 is doing. v4 is doing it better I think
> at quick glance.
> Not relying on the fact that local system accounts are only used by services
> looks bad to me.
I believe v5 is correct for two reasons:
(1)
SECURITY_SERVICE_RID is enough to check, because the process gets SECURITY_SERVICE_RID when it runs as a service.
https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379649(v=vs.85).aspx
SECURITY_SERVICE_RID
Accounts authorized to log on as a service. This is a group identifier added to the token of a process when it was
loggedas a service. The corresponding logon type is LOGON32_LOGON_SERVICE.
I saw descriptions that LocalSystem is used by the SCM, but didn't find a statement that LocalSystem is used only by
SCMand services. In addition, if the check for LocalSystem is really necessary, LocalService and NetworkService also
needto be checked.
https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs.85).aspx
(Japanese article)http://www.atmarkit.co.jp/ait/articles/0905/08/news095.html
(2)
The OP wants to explicitly run postgres.exe outside the service even when his app runs as a service, so that the app
canread postgres's messages from its stdout/stderr. So, he disabled SECURITY_SERVICE_RID when starting postgres.exe.
Hisusers may run his app as a service under LocalSystem.
[Excerpt]
--------------------------------------------------
We ship PG with our own product, which may or may not be
installed as a service. When running PG, we run postgres.exe directly via a
Tcl-based wrapper script so that we can monitor the output in real time.
When our product is installed as a service, we use CreateRestrictedToken to
disable all admin rights as well as the SECURITY_SERVICE_RID, and use the
returned token with CreateProcessAsUser, for which we also specify
CREATE_NEW_CONSOLE. This process then calls our wrapper script. Inside
this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for
all 3: in, out, and err. Yet when the script calls postgres.exe, nothing is
received on the output. As mentioned above, nothing is logged in the event
log, either.
--------------------------------------------------
Regards
Takayuki Tsunakawa