| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-1.6 required=5.0 tests=AWL,BAYES_00,KHOP_RCVD_UNTRUST,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL,TW_PG,T_RP_MATCHES_RCVD |
| X-Spam-Check-By: | sourceware.org |
| Message-ID: | <50D4A8C6.7000505@cs.utoronto.ca> |
| Date: | Fri, 21 Dec 2012 11:21:58 -0700 |
| From: | Ryan Johnson <ryan DOT johnson AT cs DOT utoronto DOT ca> |
| User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0 |
| MIME-Version: | 1.0 |
| To: | "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com> |
| Subject: | Best practice for running pgsql under cygwin? |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Hi all, I'm trying to set up pgsql for classroom instruction, which means I need to allow students to connect to my machine, preferably with no OS-level privileges and minimal database privileges. Setting up the database roles looks straightforward enough, but I'm having trouble figuring out how to secure the machine. In particular, the advice to run pgsql as an unprivileged user seems very good, but all the official docs I can find for doing so require su/sudo and useradd. Installing pgsql as a service using the script in /etc/rc.d runs it as the SYSTEM user, which is anything but unprivileged [1][2]; it seems like the LocalService or NetworkService account [3] would be a much better choice. The pgsql README in /usr/doc/cygwin contains no useful information on the topic; there are lots of third-party pages offering "helpful" advice for cygwin+pgsql, but we all know how reliable those are (especially since the most recent one I can find dates from 2008). Does anybody have some advice on how I might proceed? Note that I don't actually need it to run as a Windows service, it's just that most docs I can find seem to point that way. If it would be better to create a pgsql account (perhaps with help from cygwin-service-installation-helper.sh), I'd be happy to go that way as well. Thanks in advance, Ryan [1] http://support.microsoft.com/kb/120929 [2] http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx [3] http://msdn.microsoft.com/en-us/library/windows/desktop/ms686005%28v=vs.85%29.aspx -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |