Re: Bug with initDB under windows 2003
От | dror |
---|---|
Тема | Re: Bug with initDB under windows 2003 |
Дата | |
Msg-id | BAY124-W2CC623A64348774E10676F9410@phx.gbl обсуждение исходный текст |
Ответ на | Bug with initDB under windows 2003 ("dror bar" <dror_b@hotmail.com>) |
Список | pgsql-hackers |
Hi Magnus,<br /> <br /> After trying to unlock the nul device using:<br /> Subinacl /service NULL /grant="authenticated users"=QSEILU<br/> <br /><font color="#ff0000">It doesn't solve the problem(even after restating the machine) </font><br /> <br /> Here is the new output from running "Subinacl /service NULL"after the change<br /> <br /> For Administrator:<br /> <br /><br />==============<br />+ServiceNULL<br />==============<br />/control=0x0<br />/owner =system<br />/primary group =system<br />/auditace count =1<br />/aace =everyone SYSTEM_AUDIT_ACE_TYPE-0x2<br /> FAILED_ACCESS_ACE_FLAG-<font>0x80</font> FAILED_ACCESS_ACE_FLAG-0x0x80<br /> SERVICE_ALL_ACCESS<br />/perm. acecount =6<br />/pace =system ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4 SERVICE_ENUMERATE_DEPEND-0x8<br /> SERVICE_START-0x10 SERVICE_STOP-0x20 SERVICE_PAUSE_CONTINUE-0x40 SERVICE<br />_INTERROGATE-0x80<br/> READ_CONTROL-0x20000 SERVICE_USER_DEFINED_CONTROL-0x0100<br />/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_ALL_ACCESS<br />/pace =interactive ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4 SERVICE_ENUMERATE_DEPEND-0x8<br /> SERVICE_INTERROGATE-<font>0x80</font> READ_CONTROL-0x20000 SERVICE_USER_DEFINED_CONTROL-0x0100<br/>/pace =service ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4 SERVICE_ENUMERATE_DEPEND-0x8<br /> SERVICE_INTERROGATE-<font>0x80</font> READ_CONTROL-0x20000 SERVICE_USER_DEFINED_CONTROL-0x0100<br/>/pace =builtin\power users ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4 SERVICE_ENUMERATE_DEPEND-0x8<br /> SERVICE_START-0x10 SERVICE_STOP-0x20 SERVICE_PAUSE_CONTINUE-0x40 SERVICE<br/>_INTERROGATE-0x80<br /> READ_CONTROL-0x20000 SERVICE_USER_DEFINED_CONTROL-0x0100<br />/pace=authenticated users ACCESS_ALLOWED_ACE_TYPE-<font>0x0</font><br /> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4 SERVICE_ENUMERATE_DEPEND-0x8<br /> SERVICE_INTERROGATE-<font>0x80</font> READ_CONTROL-0x20000 SERVICE_USER_DEFINED_CONTROL-0x0100<br/><br />Elapsed Time: 00 00:00:00<br />Done: 1, Modified 0, Failed 0, Syntax errors 0<br />Last Done : NULL<br /><br /><br />Anyway,<br /> It obvious that it some kindof permission issue, but even if this command would have solved the problem it is still mean that the installer shellrun that command before calling to <font>initDB, in order to</font> validate that the user can run the initDB (as itwritten today), Or adding limitation\Warning to the user for known issue and suggest the workaround device,<br /> Or <br/> Changing the initDB code that it should test the nul device permission before forwarding output to there<br /> Or<br/> Fix the code as I suggested (but unfortunately rejected by Tom).<br /> <br /> Regards<br /> Dror<br /><br /><br/><hr id="stopSpelling" /><br /> > Subject: RE: [HACKERS] Bug with initDB under windows 2003<br />> Date: Mon,21 Aug 2006 13:26:11 +0200<br />> From: mha@sollentuna.net<br />> To: dror_b@hotmail.com; kleptog@svana.org<br/>> CC: pgsql-hackers@postgresql.org<br />> <br />> > > I'd be interested in seeing the output from the command:<br/>> > > Subinacl /service NULL<br />> > ><br/>> > > On a system where this does not work.<br />> > ><br />> > <br />> > Here is the output for "Subinacl /service NULL"<br/>> > Both, for the Administrator user and for the Postgres user:<br/>> <br />> Thanks.<br />> <br />> <br />>> Postgres user:<br />> > >Subinacl /service NULL<br />> > SeSecurityPrivilege : Access is denied.<br/>> > WARNING :Unable to set SeSecurityPrivilege privilege. This<br/>> > privilege may be required.<br />> > Error OpenSCManager : Access is denied.<br/>> <br />> That's quite normal - the postgres user doesn't have permission to open<br/>> the SC Manager to view the permissions, because it's not a Power User.<br/>> <br />> <br />> > Administrator user:<br/>> <br />> This is good. It shows one very clear difference from what I have on a<br />>working system, which is:<br />> <br />> > /pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0<br/>> > SERVICE_USER_DEFINED_CONTROL-0x0100<br/>> <br />> On my system, I have:<br />> /pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0<br/>> SERVICE_QUERY_CONFIG-0x1 SERVICE_QUERY_STATUS-0x4<br/>> <br />> SERVICE_ENUMERATE_DEPEND-0x8<br/>> SERVICE_INTERROGATE-0x80 READ_CONTROL-0x20000<br />> <br/>> SERVICE_USER_DEFINED_CONTROL-0x0100<br />> <br />> <br />> <br />> So this is the problem. Now to figure out how to fix it :-) From what I<br/>> can tell it simply needs to add back the missing ACE flags. This command<br/>> hopefully should work (not tested apart from the syntax, since I don't<br/>> have a good testig place, but please try it and if it doesn't work see<br/>> if you can figure out what to change):<br/>> <br />> Subinacl /service NULL /grant="authenticated users"=QSEILU<br/>> <br />> <br />> You need to run this as administrator of course, but it should hopefully<br/>> unlock the NUL device again.<br />><br />> //Magnus<br />> <br /><br /><br /><hr />Express yourself instantly with Windows Live Messenger! <a href="http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=joinmsncom/messenger" target="_new">WindowsLive Messenger!</a>
В списке pgsql-hackers по дате отправления: