On Thu, Aug 13, 2009 at 13:21, PG Subscriber<mypgsub@xxxxxxxxx> wrote: > I'm on Windows XP SP 2, trying to run PostgreSQL 8.3.4. > > Running postgres.exe gives the error: > > "Execution of PostgreSQL by a user with administrative permissions is > not permitted. > The server must be started under an unprivileged user ID to prevent > possible system security compromises. See the documentation for more > information on how to properly start the server. > " > > > Now, at the postgres wiki it says: > http://wiki.postgresql.org/wiki/Running_%26_Installing_PostgreSQL_On_Native_Windows#Why_do_I_need_a_non-administrator_account_to_run_PostgreSQL_under.3F > " Why do I need a non-administrator account to run PostgreSQL under? > > When a hacker gains entry to a computer using a software bug in a > package, she gains the permissions of the user account under which the > service is run. Whilst we do not know of any such bugs in PostgreSQL, we > enforce the use of a non-administrative service account to minimise the > possible damage that a hacker could do should they find and utilise a > bug in PostgreSQL to hack the system. > > This has long been common practice in the Unix world, and is starting to > become standard practice in the Windows world as well as Microsoft and > other vendors work to improve the security of their systems. > > Note, that with the release of PostgreSQL 8.2, it is possible to run > under a administrative account. PostgreSQL 8.2 and above are able to > irrevocably give up administrative rights at startup thus ensuring the > rest of the system remains secure in the extremely unlikely event that > PostgreSQL becomes compromised. > " > > > So, I'm running a recent enough version of pg, now how do I get it to > drop Administrator privs so it will run, rather than give me an error? > Is there some special command line -c option or something (I would have > thought this would be outomatic, but evidently not)? > The privilege dropping functionality lives in pg_ctl, so it will only work if you start the server through pg_ctl (or as a service). -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
