Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
От | Tsunakawa, Takayuki |
---|---|
Тема | Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
Дата | |
Msg-id | 0A3221C70F24FB45833433255569204D1F63C6C9@G01JPEXMBYT05 обсуждение исходный текст |
Ответ на | Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled (Michael Paquier <michael.paquier@gmail.com>) |
Ответы |
Re: Re: BUG #13755: pgwin32_is_service not checking if
SECURITY_SERVICE_SID is disabled
|
Список | pgsql-hackers |
From: pgsql-hackers-owner@postgresql.org > [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Michael Paquier > https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs > > .85).aspx > > That's what I looked at as well :) And this part is what caught my attention, > meaning that it is not used by anything else than the SCM: > "The LocalSystem account is a predefined local account used by the service > control manager." The same thing is said about other two special accounts, so they need to be checked if we really believe we need to checkfor LocalSystem. "The LocalService account is a predefined local account used by the service control manager." "The NetworkService account is a predefined local account used by the service control manager." But, in practice, SECURITY_SERVICE_RID has turned out to be enough. > And this implies, at least it seems to me, that trying to run Postgres as > this user is actually not something you'd want to do. Yes, I think people should avoid using LocalSystem for user services like PostgreSQL for security reasons. But the Servicesapplet in the Control Panel allows to select LocalSystem, and pg_ctl register creates a service with LocalSystemaccount when -U is omitted. Regards Takayuki Tsunakawa
В списке pgsql-hackers по дате отправления: