| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=1.4 required=5.0 tests=AWL,BAYES_05,FREEMAIL_FROM,KAM_THEBAT,KHOP_THREADED,SPF_SOFTFAIL,TW_PG |
| X-Spam-Check-By: | sourceware.org |
| Date: | Sat, 22 Dec 2012 18:36:50 +0400 |
| From: | Andrey Repin <anrdaemon AT freemail DOT ru> |
| Reply-To: | Andrey Repin <cygwin AT cygwin DOT com> |
| Message-ID: | <611019184.20121222183650@mtu-net.ru> |
| To: | Ryan Johnson <ryan DOT johnson AT cs DOT utoronto DOT ca>, cygwin AT cygwin DOT com |
| Subject: | Re: Best practice for running pgsql under cygwin? |
| In-Reply-To: | <50D4A8C6.7000505@cs.utoronto.ca> |
| References: | <50D4A8C6 DOT 7000505 AT cs DOT utoronto DOT ca> |
| MIME-Version: | 1.0 |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Greetings, Ryan Johnson! > I'm trying to set up pgsql for classroom instruction, which means I need > to allow students to connect to my machine, preferably with no OS-level > privileges and minimal database privileges. If your class is about setting up the server, you should really use virtual machines. If it's about using SQL on already running server, it makes no difference, if you've your server as Cygwin port or native application - clients will never know. > Setting up the database roles looks straightforward enough, but I'm having > trouble figuring out how to secure the machine. It is unclear to me, why you need to let students access the machine. > In particular, the advice to run pgsql as an > unprivileged user seems very good, but all the official docs I can find > for doing so require su/sudo and useradd. Installing pgsql as a service > using the script in /etc/rc.d runs it as the SYSTEM user, which is > anything but unprivileged [1][2]; it seems like the LocalService or > NetworkService account [3] would be a much better choice. > The pgsql README in /usr/doc/cygwin contains no useful information on > the topic; there are lots of third-party pages offering "helpful" advice > for cygwin+pgsql, but we all know how reliable those are (especially > since the most recent one I can find dates from 2008). > Does anybody have some advice on how I might proceed? Note that I don't > actually need it to run as a Windows service, it's just that most docs I > can find seem to point that way. If it would be better to create a pgsql > account (perhaps with help from cygwin-service-installation-helper.sh), > I'd be happy to go that way as well. -- WBR, Andrey Repin (anrdaemon AT freemail DOT ru) 22.12.2012, <18:31> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |