* Best practice for running pgsql under cygwin?
From: Ryan Johnson @ 2012-12-21 18:22 UTC (permalink / raw)
To: cygwin
Hi all,
I'm trying to set up pgsql for classroom instruction, which means I need
to allow students to connect to my machine, preferably with no OS-level
privileges and minimal database privileges. Setting up the database
roles looks straightforward enough, but I'm having trouble figuring out
how to secure the machine. In particular, the advice to run pgsql as an
unprivileged user seems very good, but all the official docs I can find
for doing so require su/sudo and useradd. Installing pgsql as a service
using the script in /etc/rc.d runs it as the SYSTEM user, which is
anything but unprivileged [1][2]; it seems like the LocalService or
NetworkService account [3] would be a much better choice.
The pgsql README in /usr/doc/cygwin contains no useful information on
the topic; there are lots of third-party pages offering "helpful" advice
for cygwin+pgsql, but we all know how reliable those are (especially
since the most recent one I can find dates from 2008).
Does anybody have some advice on how I might proceed? Note that I don't
actually need it to run as a Windows service, it's just that most docs I
can find seem to point that way. If it would be better to create a pgsql
account (perhaps with help from cygwin-service-installation-helper.sh),
I'd be happy to go that way as well.
Thanks in advance,
Ryan
[1] http://support.microsoft.com/kb/120929
[2] http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx
[3] http://msdn.microsoft.com/en-us/library/windows/desktop/ms686005%28v=vs.85%29.aspx
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
* Re: Best practice for running pgsql under cygwin?
From: Andrey Repin @ 2012-12-22 14:50 UTC (permalink / raw)
To: Ryan Johnson, cygwin
Greetings, Ryan Johnson!
> I'm trying to set up pgsql for classroom instruction, which means I need
> to allow students to connect to my machine, preferably with no OS-level
> privileges and minimal database privileges.
If your class is about setting up the server, you should really use virtual
machines.
If it's about using SQL on an already running server, it makes no difference if
you've your server as a Cygwin port or a native application - clients will never
know.
> Setting up the database roles looks straightforward enough, but I'm having
> trouble figuring out how to secure the machine.
It is unclear to me why you need to let students access the machine.
> In particular, the advice to run pgsql as an
> unprivileged user seems very good, but all the official docs I can find
> for doing so require su/sudo and useradd. Installing pgsql as a service
> using the script in /etc/rc.d runs it as the SYSTEM user, which is
> anything but unprivileged [1][2]; it seems like the LocalService or
> NetworkService account [3] would be a much better choice.
> The pgsql README in /usr/doc/cygwin contains no useful information on
> the topic; there are lots of third-party pages offering "helpful" advice
> for cygwin+pgsql, but we all know how reliable those are (especially
> since the most recent one I can find dates from 2008).
> Does anybody have some advice on how I might proceed? Note that I don't
> actually need it to run as a Windows service, it's just that most docs I
> can find seem to point that way. If it would be better to create a pgsql
> account (perhaps with help from cygwin-service-installation-helper.sh),
> I'd be happy to go that way as well.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 22.12.2012, <18:31>
Sorry for my terrible English...
* Re: Best practice for running pgsql under cygwin?
From: Ryan Johnson @ 2012-12-22 16:18 UTC (permalink / raw)
To: Andrey Repin; +Cc: Andrey Repin
On 22/12/2012 7:36 AM, Andrey Repin wrote:
> Greetings, Ryan Johnson!
>
>> I'm trying to set up pgsql for classroom instruction, which means I need
>> to allow students to connect to my machine, preferably with no OS-level
>> privileges and minimal database privileges.
> If your class is about setting up the server, you should really use virtual
> machines.
> If it's about using SQL on an already running server, it makes no difference if
> you've your server as a Cygwin port or a native application - clients will never
> know.
>
>> Setting up the database roles looks straightforward enough, but I'm having
>> trouble figuring out how to secure the machine.
> It is unclear to me why you need to let students access the machine.
Most student work will be done on private installs of pgsql, which they
can set up however they'd like.
However, we're going to do classroom demos at times, including one where
we have fun with different isolation levels; I'll need multiple students
logged into the same database so they can mess with each other's
interactive transactions.
Thanks,
Ryan
* Re: Best practice for running pgsql under cygwin?
From: bartels @ 2012-12-22 20:14 UTC (permalink / raw)
To: cygwin
On 12/22/2012 05:18 PM, Ryan Johnson wrote:
>
> However, we're going to do classroom demos at times, including one where we have fun with different isolation levels; I'll need multiple
> students logged into the same database so they can mess with each other's interactive transactions.
Postgres has a native Windows installer, does tcp very well and has excellent access control.
It is not clear to me where cygwin comes in, or what it is you are trying to protect.
- bartels
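What "minimal database privileges" on a shared demo database can look like, as an added example that is not part of the thread. It is meant to be run in psql as a superuser; the database, role and table names (`classdemo`, `students`, `student01`, `accounts`), the password placeholder and the sample rows are assumptions.

```sql
-- Added example; all names are hypothetical. Run in psql as a superuser.

-- Group role that carries the privileges but cannot log in itself.
CREATE ROLE students NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- One login per student; the connection cap keeps a single account
-- from using up every server connection during the demo.
CREATE ROLE student01 LOGIN PASSWORD 'replace-with-a-real-password'
    CONNECTION LIMIT 2 IN ROLE students;

-- Separate database for the classroom demo.
CREATE DATABASE classdemo;

-- By default PUBLIC (every role) may connect to a database and create
-- temporary tables in it. Remove that, then admit only the group.
REVOKE ALL ON DATABASE classdemo FROM PUBLIC;
GRANT CONNECT ON DATABASE classdemo TO students;

-- Keep student logins out of the maintenance database as well
-- (repeat for any other database, template1 included).
REVOKE CONNECT ON DATABASE postgres FROM PUBLIC;

\connect classdemo

-- Here PUBLIC can create objects in schema "public"; students
-- only need to use objects that already exist.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 100);  -- constructed rows

-- Enough for an isolation-level demo: concurrent reads and updates of
-- the same rows. No INSERT, DELETE, TRUNCATE or DDL.
GRANT SELECT, UPDATE ON accounts TO students;

-- Check the result: these should list only the grants made above.
\dp accounts
\l classdemo
```

Network access is decided separately in pg_hba.conf, where a line of the form `host classdemo +students <classroom subnet> md5` admits only members of the group, only to that database, and only from the stated address range.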
* Re: Best practice for running pgsql under cygwin?
From: Andrey Repin @ 2012-12-23 2:05 UTC (permalink / raw)
To: Ryan Johnson, cygwin
Greetings, Ryan Johnson!
> On 22/12/2012 7:36 AM, Andrey Repin wrote:
>> Greetings, Ryan Johnson!
>>
>>> I'm trying to set up pgsql for classroom instruction, which means I need
>>> to allow students to connect to my machine, preferably with no OS-level
>>> privileges and minimal database privileges.
>> If your class is about setting up the server, you should really use virtual
>> machines.
>> If it's about using SQL on an already running server, it makes no difference if
>> you've your server as a Cygwin port or a native application - clients will never
>> know.
>>
>>> Setting up the database roles looks straightforward enough, but I'm having
>>> trouble figuring out how to secure the machine.
>> It is unclear to me why you need to let students access the machine.
> Most student work will be done on private installs of pgsql, which they
> can set up however they'd like.
> However, we're going to do classroom demos at times, including one where
> we have fun with different isolation levels; I'll need multiple students
> logged into the same database so they can mess with each other's
> interactive transactions.
The answer remains the same - use virtual machines. Probably, with Linux.
Then you would be able to have pre-made system installations for every class,
and what is more important, you could easily restore each VM to the state you
want it in for the next group of students taking the same class.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 23.12.2012, <05:51>
Sorry for my terrible English...