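diff --git a/src/backend/main/main.c b/src/backend/main/main.c
index e8effe50242..2065061b5bb 100644
--- a/src/backend/main/main.c
+++ b/src/backend/main/main.c
@@ -190,10 +190,6 @@ main(int argc, char *argv[])
 			do_check_root = false;
 	}
 
-	/*
-	 * Make sure we are not running as root, unless it's safe for the selected
-	 * option.
-	 */
 	if (do_check_root)
 		check_root(progname);
 
@@ -445,41 +441,6 @@ help(const char *progname)
 static void
 check_root(const char *progname)
 {
-#ifndef WIN32
-	if (geteuid() == 0)
-	{
-		write_stderr("\"root\" execution of the PostgreSQL server is not permitted.\n"
-					 "The server must be started under an unprivileged user ID to prevent\n"
-					 "possible system security compromise.  See the documentation for\n"
-					 "more information on how to properly start the server.\n");
-		exit(1);
-	}
-
-	/*
-	 * Also make sure that real and effective uids are the same. Executing as
-	 * a setuid program from a root shell is a security hole, since on many
-	 * platforms a nefarious subroutine could setuid back to root if real uid
-	 * is root.  (Since nobody actually uses postgres as a setuid program,
-	 * trying to actively fix this situation seems more trouble than it's
-	 * worth; we'll just expend the effort to check for it.)
-	 */
-	if (getuid() != geteuid())
-	{
-		write_stderr("%s: real and effective user IDs must match\n",
-					 progname);
-		exit(1);
-	}
-#else							/* WIN32 */
-	if (pgwin32_is_admin())
-	{
-		write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
-					 "permitted.\n"
-					 "The server must be started under an unprivileged user ID to prevent\n"
-					 "possible system security compromises.  See the documentation for\n"
-					 "more information on how to properly start the server.\n");
-		exit(1);
-	}
-#endif							/* WIN32 */
 }
 
 /*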
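Review bot: `check_root()` is left as an empty function that `main()` still calls under `do_check_root`, so the flag and the option scan that clears it are now dead code, and nothing in the file marks the removal as intentional. Beyond the `geteuid() == 0` test, the deletion also drops the `getuid() != geteuid()` check and the Windows `pgwin32_is_admin()` check, which guard against setuid invocation and administrator accounts rather than a plain root login. If root execution is wanted only for a particular environment (the page gives no rationale), consider gating the skip behind a build-time option and keeping the real/effective uid comparison unconditionally. The same unconditional removal of the `geteuid() == 0` guard appears in the initdb, pg_createsubscriber, pg_ctl, pg_resetwal, pg_rewind and pg_upgrade sections; with it gone, anything the server executes on behalf of a database user runs with root privileges.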
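diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index 21a0fe3ecd9..2aa44cc9ab8 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -815,15 +815,6 @@ get_id(void)
 {
 	const char *username;
 
-#ifndef WIN32
-	if (geteuid() == 0)			/* 0 is root's uid */
-	{
-		pg_log_error("cannot be run as root");
-		pg_log_error_hint("Please log in (using, e.g., \"su\") as the (unprivileged) user that will own the server process.");
-		exit(1);
-	}
-#endif
-
 	username = get_user_name_or_exit(progname);
 
 	return pg_strdup(username);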
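diff --git a/src/bin/pg_basebackup/pg_createsubscriber.c b/src/bin/pg_basebackup/pg_createsubscriber.c
index a5a2d61165d..a4021734895 100644
--- a/src/bin/pg_basebackup/pg_createsubscriber.c
+++ b/src/bin/pg_basebackup/pg_createsubscriber.c
@@ -1977,20 +1977,6 @@ main(int argc, char **argv)
 	};
 	opt.recovery_timeout = 0;
 
-	/*
-	 * Don't allow it to be run as root. It uses pg_ctl which does not allow
-	 * it either.
-	 */
-#ifndef WIN32
-	if (geteuid() == 0)
-	{
-		pg_log_error("cannot be executed by \"root\"");
-		pg_log_error_hint("You must run %s as the PostgreSQL superuser.",
-						  progname);
-		exit(1);
-	}
-#endif
-
 	get_restricted_token();
 
 	while ((c = getopt_long(argc, argv, "d:D:np:P:s:t:TU:v",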
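diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c
index 8a405ff122c..84195a3b8c6 100644
--- a/src/bin/pg_ctl/pg_ctl.c
+++ b/src/bin/pg_ctl/pg_ctl.c
@@ -2235,7 +2235,6 @@ main(int argc, char **argv)
 	/* Set restrictive mode mask until PGDATA permissions are checked */
 	umask(PG_MODE_MASK_OWNER);
 
-	/* support --help and --version even if invoked as root */
 	if (argc > 1)
 	{
 		if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
@@ -2250,21 +2249,6 @@ main(int argc, char **argv)
 		}
 	}
 
-	/*
-	 * Disallow running as root, to forestall any possible security holes.
-	 */
-#ifndef WIN32
-	if (geteuid() == 0)
-	{
-		write_stderr(_("%s: cannot be run as root\n"
-					   "Please log in (using, e.g., \"su\") as the "
-					   "(unprivileged) user that will\n"
-					   "own the server process.\n"),
-					 progname);
-		exit(1);
-	}
-#endif
-
 	env_wait = getenv("PGCTLTIMEOUT");
 	if (env_wait != NULL)
 		wait_seconds = atoi(env_wait);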
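diff --git a/src/bin/pg_resetwal/pg_resetwal.c b/src/bin/pg_resetwal/pg_resetwal.c
index 31bc0abff16..951de872d77 100644
--- a/src/bin/pg_resetwal/pg_resetwal.c
+++ b/src/bin/pg_resetwal/pg_resetwal.c
@@ -347,22 +347,6 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 
-	/*
-	 * Don't allow pg_resetwal to be run as root, to avoid overwriting the
-	 * ownership of files in the data directory. We need only check for root
-	 * -- any other user won't have sufficient permissions to modify files in
-	 * the data directory.
-	 */
-#ifndef WIN32
-	if (geteuid() == 0)
-	{
-		pg_log_error("cannot be executed by \"root\"");
-		pg_log_error_hint("You must run %s as the PostgreSQL superuser.",
-						  progname);
-		exit(1);
-	}
-#endif
-
 	get_restricted_token();
 
 	/* Set mask based on PGDATA permissions */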
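Review bot: With the root guard removed, pg_resetwal can now modify the data directory as root, which is what the deleted comment warned about: files it writes can end up owned by root and inaccessible to the unprivileged account that later starts the server. If root must be permitted, a narrower replacement is to `stat()` the data directory and refuse to proceed when `st.st_uid != geteuid()`, so the tool still runs only as the directory's owner. The pg_rewind section removes the identical check and has the same exposure. `main()` starts and ends outside this hunk.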
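diff --git a/src/bin/pg_rewind/pg_rewind.c b/src/bin/pg_rewind/pg_rewind.c
index 2ce99d06d1d..33e0a61c360 100644
--- a/src/bin/pg_rewind/pg_rewind.c
+++ b/src/bin/pg_rewind/pg_rewind.c
@@ -270,22 +270,6 @@ main(int argc, char **argv)
 		exit(1);
 	}
 
-	/*
-	 * Don't allow pg_rewind to be run as root, to avoid overwriting the
-	 * ownership of files in the data directory. We need only check for root
-	 * -- any other user won't have sufficient permissions to modify files in
-	 * the data directory.
-	 */
-#ifndef WIN32
-	if (geteuid() == 0)
-	{
-		pg_log_error("cannot be executed by \"root\"");
-		pg_log_error_hint("You must run %s as the PostgreSQL superuser.",
-						  progname);
-		exit(1);
-	}
-#endif
-
 	get_restricted_token();
 
 	/* Set mask based on PGDATA permissions */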
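diff --git a/src/bin/pg_upgrade/option.c b/src/bin/pg_upgrade/option.c
index 188dd8d8a8b..cdd032be0fc 100644
--- a/src/bin/pg_upgrade/option.c
+++ b/src/bin/pg_upgrade/option.c
@@ -104,10 +104,6 @@ parseCommandLine(int argc, char *argv[])
 		}
 	}
 
-	/* Allow help and version to be run as root, so do the test here. */
-	if (os_user_effective_id == 0)
-		pg_fatal("%s: cannot be run as root", os_info.progname);
-
 	while ((option = getopt_long(argc, argv, "b:B:cd:D:j:kNo:O:p:P:rs:U:v",
 								 long_options, &optindex)) != -1)
 	{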