On 09/17/2014 05:35 AM, Michael Paquier wrote:
> On Thu, Sep 11, 2014 at 10:25 PM, Craig Ringer <craig@xxxxxxxxxxxxxxx> wrote:
>> The PostgreSQL installer now uses the NETWORKSERVICE account on Windows
>> by default (as of 9.2), instead of creating a "postgres" account with
>> username and password. Which is a big improvement to usability.
> Using NETWORKSERVICE is not cool as it is created by the system and
> may be shared by some other processes. I am not sure about the
> security implications but this sounds weird and should be avoided if
> possible.

(Resurrecting this discussion as I missed your reply)

Using NETWORK SERVICE is not ideal. Unfortunately, prior to Windows 7
the platform doesn't have a sane way to create service accounts. Users
are expected to create a service account with a password, know what that
password is, and be able to supply that password again when later
required by other installers.

The alternative, which I advocated in the past, is to generate a random
password to use as the service account password, and store that service
account password in the Registry using a key only readable by the
Administrators group and SYSTEM user. So our installer(s) could read the
service account password when required and the user doesn't have to deal
with the WTFery of having a system "postgres" password that's different
to the postgres user account password.

This is more secure than using NETWORK SERVICE, not less, but I wasn't
able to convince anyone that we should do it. Using NETWORK SERVICE is
less bad than what we had before - and users can still create a service
account if they want, the default just changed to one that won't cause
endless install problems and confusion.

At this point I think we can just not care for older Windows versions
and focus on doing it right on Windows 7 and above, which has sensible
passwordless service accounts.

>> It may be worth adopting this when the installer detects a Windows 7 /
>> Win2k8 R2 or newer system - just create an account like:
>>
>> NT Service\PostgreSQL$EDB-9.4-x86
> By looking here:
> http://msdn.microsoft.com/en-us/library/windows/desktop/bb545671%28v=vs.85%29.aspx
> You'd need to be sure as well that there are necessary privileges in
> ALL SERVICES: at least SeServiceLogonRight and optionally
> SeNetworkLogonRight for network stuff. I guess that it is as well
> necessary to be careful about the platform version and to have a
> fallback mechanism to NETWORKSERVICE if platform version is rather
> old (older than 6.1 for Win2k8 R2 and Win7?!) or if necessary
> privileges are not present but well you are aware of that already :)

-- 
 Craig Ringer                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services
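
Added example, not part of the thread or of any PostgreSQL installer: a PowerShell audit that reports which account each PostgreSQL service runs as and whether the host is new enough (NT 6.1, i.e. Windows 7 / 2008 R2) for the per-service "NT Service\..." accounts discussed above. The "postgresql" service-name prefix, the function name and the category labels are assumptions made for illustration.

```powershell
# Added example. Requires PowerShell 3.0+ for Get-CimInstance.
# Assumption: PostgreSQL service names start with "postgresql"; adjust the filter.

# Per-service virtual accounts (NT SERVICE\<name>) exist from NT 6.1 onward.
$osVersion = [System.Environment]::OSVersion.Version
$virtualAccountsSupported = $osVersion -ge [version]'6.1'

# Hypothetical helper: classify the StartName reported by Win32_Service.
function Get-ServiceAccountKind {
    param([string]$StartName)
    switch -Regex ($StartName) {
        '^(NT AUTHORITY\\)?LocalSystem$'   { return 'LocalSystem (full machine privileges)' }
        '^NT AUTHORITY\\Network ?Service$' { return 'NETWORK SERVICE (built-in, shared by other services)' }
        '^NT AUTHORITY\\Local ?Service$'   { return 'LOCAL SERVICE (built-in, shared by other services)' }
        '^NT SERVICE\\'                    { return 'Virtual service account (dedicated to one service)' }
        default                            { return 'Named account (password set by an administrator)' }
    }
}

Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'postgresql%'" |
    ForEach-Object {
        [pscustomobject]@{
            Service                = $_.Name
            RunsAs                 = $_.StartName
            Kind                   = Get-ServiceAccountKind $_.StartName
            VirtualAccountPossible = $virtualAccountsSupported
        }
    } |
    Format-Table -AutoSize
```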