From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs > > .85).aspx > > That's what I looked at as well :) And this part is what caught my attention, > meaning that it is not used by anything else than the SCM: > "The LocalSystem account is a predefined local account used by the service > control manager."
The same thing is said about other two special accounts, so they need to be checked if we really believe we need to check for LocalSystem. "The LocalService account is a predefined local account used by the service control manager." "The NetworkService account is a predefined local account used by the service control manager." But, in practice, SECURITY_SERVICE_RID has turned out to be enough. > And this implies, at least it seems to me, that trying to run Postgres as > this user is actually not something you'd want to do. Yes, I think people should avoid using LocalSystem for user services like PostgreSQL for security reasons. But the Services applet in the Control Panel allows to select LocalSystem, and pg_ctl register creates a service with LocalSystem account when -U is omitted. Regards Takayuki Tsunakawa -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers