[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Tue, Sep 20, 2016 at 12:53 PM, Tom Lane wrote: > Robert Haas writes: >> Yeah, random() is the wrong thing. It should use PostmasterRandom(). >> Fixed to do that instead. > > I am not very happy about this patch; have you considered the security > implications of what you just did? Hmm. No. > If you haven't, I'll tell you: > you just made the postmaster's selection of "random" cancel keys and > password salts a lot more predictable. Formerly, the srandom() seed > for those depended on both the postmaster start time and the time of > the first connection request, but this change removes the first > connection request from the equation. If you know the postmaster start > time --- which we will happily tell any asker --- it will not take too > many trials to find the seed that's in use. Realistically, in some large percentage of the real-world installs, that's not going to take too many trials anyway. People don't generally start a postmaster so that they can NOT connect to it, and there are plenty of real-world installations where you can count on the first connection happening in well under 1s. I'd suggest that if you're relying on that time being a secret for anything very security-critical, you're already in trouble. > I'd be the first to agree that this point is inadequately documented > in the code, but PostmasterRandom should be reserved for its existing > security-related uses, not exposed to the world for (ahem) random other > uses. So, we could have dsm_postmaster_startup() seed the random number generator itself, and then let PostmasterRandom() override the seed later. Like maybe: struct timeval tv; gettimeofday(&tv, NULL); srandom(tv.tv_sec); ... dsm_control_handle = random(); dsm_postmaster_startup() doesn't care very much about whether an adversary can predict the chosen DSM control segment ID, but it doesn't want to keep picking the same one. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Sat, May 14, 2016 at 7:33 PM, Robert Haas wrote: > > On Tue, Mar 22, 2016 at 12:56 AM, Amit Kapila wrote: > >> >> Yes, same random number generation is not the problem. In windows apart > >> >> from EEXIST error, EACCES also needs to be validated and returned for > >> >> new random number generation, instead of throwing an error. > >> > > >> > Doing the same handling for EACCES doesn't seem to be sane because if > >> > EACCES > >> > came for reason other than duplicate dsm name, then we want to report > >> > the > >> > error instead of trying to regenerate the name. I think here fix should > >> > be > >> > to append data_dir path as we do for main shared memory. > >> > >> Yes, EACCES may be possible other than duplicate dsm name. > > > > So as far as I can see there are two ways to resolve this issue, one is to > > retry generation of dsm name if CreateFileMapping returns EACCES and second > > is to append data_dir name to dsm name as the same is done for main shared > > memory, that will avoid the error to occur. First approach has minor flaw > > that if CreateFileMapping returns EACCES due to reason other then duplicate > > dsm name which I am not sure is possible to identify, then we should report > > error instead try to regenerate the name > > > > Robert and or others, can you share your opinion on what is the best way to > > proceed for this issue. > > I think we should retry on EACCES. Possibly we should do other things > too, but at least that. It completely misses the point of retrying on > EEXIST if we don't retry on other error codes that can also be > generated when the segment already exists. > Sounds sensible, but if we want to that route, shall we have some mechanism such that if retrying it for 10 times (10 is somewhat arbitrary, but we retry 10 times in PGSharedMemoryCreate, so may be there is some consistency) doesn't give us unique name and we are getting EACCES error, then just throw the error instead of more retries. This is to ensure that if the API is returning EACCES due to reason other than duplicate handle, then we won't retry indefinitely. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Tue, Mar 22, 2016 at 12:56 AM, Amit Kapila wrote: >> >> Yes, same random number generation is not the problem. In windows apart >> >> from EEXIST error, EACCES also needs to be validated and returned for >> >> new random number generation, instead of throwing an error. >> > >> > Doing the same handling for EACCES doesn't seem to be sane because if >> > EACCES >> > came for reason other than duplicate dsm name, then we want to report >> > the >> > error instead of trying to regenerate the name. I think here fix should >> > be >> > to append data_dir path as we do for main shared memory. >> >> Yes, EACCES may be possible other than duplicate dsm name. > > So as far as I can see there are two ways to resolve this issue, one is to > retry generation of dsm name if CreateFileMapping returns EACCES and second > is to append data_dir name to dsm name as the same is done for main shared > memory, that will avoid the error to occur. First approach has minor flaw > that if CreateFileMapping returns EACCES due to reason other then duplicate > dsm name which I am not sure is possible to identify, then we should report > error instead try to regenerate the name > > Robert and or others, can you share your opinion on what is the best way to > proceed for this issue. I think we should retry on EACCES. Possibly we should do other things too, but at least that. It completely misses the point of retrying on EEXIST if we don't retry on other error codes that can also be generated when the segment already exists. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Tue, Mar 22, 2016 at 9:13 AM, Haribabu Kommi wrote: > > On Tue, Mar 22, 2016 at 2:19 PM, Amit Kapila wrote: > > On Mon, Mar 21, 2016 at 6:16 PM, Haribabu Kommi < kommi.harib...@gmail.com> > > wrote: > >> > >> On Mon, Mar 14, 2016 at 4:51 PM, Amit Kapila > >> wrote: > >> >> Operating system - windows 7 > >> >> Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the > >> >> problem) > >> >> > >> >> 1. Create two standard users in the system (test_user1 and test_user2) > >> >> 2. Create two databases belongs each user listed above. > >> >> 3. Now using pg_ctl register the services for the two users. > >> >> 4. Provide logon permissions to these users to run the services by > >> >> changing > >> >> service properties. > >> > > >> > Did you mean to say that you changed Log on as: Local System Account in > >> > service properties or something else? > >> > >> No. Not as local service. The user should be the new standard user > >> that is created > >> in the system. > >> > > > > So what do you exactly mean by "Provide logon permissions to these users", > > can you describe in detail what exactly you have done to give those > > permissions. If I try to do with a new user, it gives me error "could not > > open service manager" at start of service. > > 1. Start the cmd with administrator user and add the new postgresql service > with a standard user that is created. > 2. Start the services window with the user having administrator privileges and > go to the corresponding added service. > 3. Right click on the service provides an properties option. > 4. In the properties, there is an logon tab. Click it > 5. Provide the password for the new user that is used for creating the service. > 6. This adds the user to log on permissions. > I am also able to reproduce the issue with these steps. > >> > >> Yes, same random number generation is not the problem. In windows apart > >> from EEXIST error, EACCES also needs to be validated and returned for > >> new random number generation, instead of throwing an error. > >> > > > > Doing the same handling for EACCES doesn't seem to be sane because if EACCES > > came for reason other than duplicate dsm name, then we want to report the > > error instead of trying to regenerate the name. I think here fix should be > > to append data_dir path as we do for main shared memory. > > Yes, EACCES may be possible other than duplicate dsm name. > So as far as I can see there are two ways to resolve this issue, one is to retry generation of dsm name if CreateFileMapping returns EACCES and second is to append data_dir name to dsm name as the same is done for main shared memory, that will avoid the error to occur. First approach has minor flaw that if CreateFileMapping returns EACCES due to reason other then duplicate dsm name which I am not sure is possible to identify, then we should report error instead try to regenerate the name Robert and or others, can you share your opinion on what is the best way to proceed for this issue. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Tue, Mar 22, 2016 at 2:19 PM, Amit Kapila wrote: > On Mon, Mar 21, 2016 at 6:16 PM, Haribabu Kommi > wrote: >> >> On Mon, Mar 14, 2016 at 4:51 PM, Amit Kapila >> wrote: >> >> Operating system - windows 7 >> >> Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the >> >> problem) >> >> >> >> 1. Create two standard users in the system (test_user1 and test_user2) >> >> 2. Create two databases belongs each user listed above. >> >> 3. Now using pg_ctl register the services for the two users. >> >> 4. Provide logon permissions to these users to run the services by >> >> changing >> >> service properties. >> > >> > Did you mean to say that you changed Log on as: Local System Account in >> > service properties or something else? >> >> No. Not as local service. The user should be the new standard user >> that is created >> in the system. >> > > So what do you exactly mean by "Provide logon permissions to these users", > can you describe in detail what exactly you have done to give those > permissions. If I try to do with a new user, it gives me error "could not > open service manager" at start of service. 1. Start the cmd with administrator user and add the new postgresql service with a standard user that is created. 2. Start the services window with the user having administrator privileges and go to the corresponding added service. 3. Right click on the service provides an properties option. 4. In the properties, there is an logon tab. Click it 5. Provide the password for the new user that is used for creating the service. 6. This adds the user to log on permissions. >> >> >> 5. Now try to start the services, the second service fails with the >> >> error message. >> >> 6. Error details can be found out in Event log viewer. >> >> >> > >> > If I follow above steps and do as I mentioned for step-4, I am not able >> > to >> > reproduce the issue on Windows-7 m/c using code of HEAD. >> >> I am not able to start a service with HEAD code in the same machine, where >> as it is working for 9.5. I will look into it later and update it. >> > > Okay. But it is confusing for me because you told earlier that you are able > to reproduce problem in 9.5. I am able to reproduce the problem with 9.5 binary. I am getting Access Denied problem when i try to start the 9.6 binary service with the local user. >> >> Yes, it is working as same user services. The main problem is, >> >> PostgreSQL >> >> as a service for two different users in the same system is not working >> >> because >> >> of same random getting generated for two services. >> >> >> > >> > I am not sure why you think same random number is problem, as mentioned >> > above, even if the dsm name is same due to same random number, the code >> > has >> > logic to process it appropriately (regenerate the name of dsm). Having >> > said >> > that, I don't mean to say that we shouldn't have logic to generate >> > unique >> > name and I think we might want to add data dir path to name generation >> > as we >> > do for main shared memory, however it is better to first completely >> > understand the underneath issue. >> >> Yes, same random number generation is not the problem. In windows apart >> from EEXIST error, EACCES also needs to be validated and returned for >> new random number generation, instead of throwing an error. >> > > Doing the same handling for EACCES doesn't seem to be sane because if EACCES > came for reason other than duplicate dsm name, then we want to report the > error instead of trying to regenerate the name. I think here fix should be > to append data_dir path as we do for main shared memory. Yes, EACCES may be possible other than duplicate dsm name. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Mon, Mar 21, 2016 at 6:16 PM, Haribabu Kommi wrote: > > On Mon, Mar 14, 2016 at 4:51 PM, Amit Kapila wrote: > >> Operating system - windows 7 > >> Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the > >> problem) > >> > >> 1. Create two standard users in the system (test_user1 and test_user2) > >> 2. Create two databases belongs each user listed above. > >> 3. Now using pg_ctl register the services for the two users. > >> 4. Provide logon permissions to these users to run the services by > >> changing > >> service properties. > > > > Did you mean to say that you changed Log on as: Local System Account in > > service properties or something else? > > No. Not as local service. The user should be the new standard user > that is created > in the system. > So what do you exactly mean by "Provide logon permissions to these users", can you describe in detail what exactly you have done to give those permissions. If I try to do with a new user, it gives me error "could not open service manager" at start of service. > > >> 5. Now try to start the services, the second service fails with the > >> error message. > >> 6. Error details can be found out in Event log viewer. > >> > > > > If I follow above steps and do as I mentioned for step-4, I am not able to > > reproduce the issue on Windows-7 m/c using code of HEAD. > > I am not able to start a service with HEAD code in the same machine, where > as it is working for 9.5. I will look into it later and update it. > Okay. But it is confusing for me because you told earlier that you are able to reproduce problem in 9.5. > >> Yes, it is working as same user services. The main problem is, PostgreSQL > >> as a service for two different users in the same system is not working > >> because > >> of same random getting generated for two services. > >> > > > > I am not sure why you think same random number is problem, as mentioned > > above, even if the dsm name is same due to same random number, the code has > > logic to process it appropriately (regenerate the name of dsm). Having said > > that, I don't mean to say that we shouldn't have logic to generate unique > > name and I think we might want to add data dir path to name generation as we > > do for main shared memory, however it is better to first completely > > understand the underneath issue. > > Yes, same random number generation is not the problem. In windows apart > from EEXIST error, EACCES also needs to be validated and returned for > new random number generation, instead of throwing an error. > Doing the same handling for EACCES doesn't seem to be sane because if EACCES came for reason other than duplicate dsm name, then we want to report the error instead of trying to regenerate the name. I think here fix should be to append data_dir path as we do for main shared memory. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Mon, Mar 14, 2016 at 4:51 PM, Amit Kapila wrote: > On Fri, Mar 11, 2016 at 5:21 PM, Haribabu Kommi > wrote: >> >> On Fri, Mar 11, 2016 at 12:00 AM, Amit Kapila >> wrote: >> >> >> >> I am not able to find the reason for this error. This error is >> >> occurring >> >> only >> >> when the PostgreSQL is started as a service only. >> >> >> > >> > Did you use pg_ctl register/unregister to register different services. >> > Can >> > you share the detail steps and OS version on which you saw this >> > behaviour? >> >> Operating system - windows 7 >> Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the >> problem) >> >> 1. Create two standard users in the system (test_user1 and test_user2) >> 2. Create two databases belongs each user listed above. >> 3. Now using pg_ctl register the services for the two users. >> 4. Provide logon permissions to these users to run the services by >> changing >> service properties. > > Did you mean to say that you changed Log on as: Local System Account in > service properties or something else? No. Not as local service. The user should be the new standard user that is created in the system. >> 5. Now try to start the services, the second service fails with the >> error message. >> 6. Error details can be found out in Event log viewer. >> > > If I follow above steps and do as I mentioned for step-4, I am not able to > reproduce the issue on Windows-7 m/c using code of HEAD. I am not able to start a service with HEAD code in the same machine, where as it is working for 9.5. I will look into it later and update it. >> Yes, it is working as same user services. The main problem is, PostgreSQL >> as a service for two different users in the same system is not working >> because >> of same random getting generated for two services. >> > > I am not sure why you think same random number is problem, as mentioned > above, even if the dsm name is same due to same random number, the code has > logic to process it appropriately (regenerate the name of dsm). Having said > that, I don't mean to say that we shouldn't have logic to generate unique > name and I think we might want to add data dir path to name generation as we > do for main shared memory, however it is better to first completely > understand the underneath issue. Yes, same random number generation is not the problem. In windows apart from EEXIST error, EACCES also needs to be validated and returned for new random number generation, instead of throwing an error. > If I understand correctly, here the problem is due to the reason that the > second user doesn't have appropriate access rights to access the object > created by first user. On reading the documentation of CreateFileMapping(), > it seems that user should have SeCreateGlobalPrivilege privilege to create > an object in Global namespace. Can you once try giving that privilege to > the users created by you? To give this privilege, go to control > panel->System And Security->Administrative Tools->Local Security > Policy->Local Policies->User Rights Assignment, in the right window, select > Create global objects and double-click the same and add the newly created > users. Rerun your test after these steps. Thanks for providing details. I added the two newly created objects into create global objects, still the same error occurred. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Fri, Mar 11, 2016 at 5:21 PM, Haribabu Kommi wrote: > > On Fri, Mar 11, 2016 at 12:00 AM, Amit Kapila wrote: > > > >> I am not able to find the reason for this error. This error is occurring > >> only > >> when the PostgreSQL is started as a service only. > >> > > > > Did you use pg_ctl register/unregister to register different services. Can > > you share the detail steps and OS version on which you saw this behaviour? > > Operating system - windows 7 > Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the problem) > > 1. Create two standard users in the system (test_user1 and test_user2) > 2. Create two databases belongs each user listed above. > 3. Now using pg_ctl register the services for the two users. > 4. Provide logon permissions to these users to run the services by changing > service properties. Did you mean to say that you changed Log on as: Local System Account in service properties or something else? > 5. Now try to start the services, the second service fails with the > error message. > 6. Error details can be found out in Event log viewer. > If I follow above steps and do as I mentioned for step-4, I am not able to reproduce the issue on Windows-7 m/c using code of HEAD. > Yes, it is working as same user services. The main problem is, PostgreSQL > as a service for two different users in the same system is not working because > of same random getting generated for two services. > I am not sure why you think same random number is problem, as mentioned above, even if the dsm name is same due to same random number, the code has logic to process it appropriately (regenerate the name of dsm). Having said that, I don't mean to say that we shouldn't have logic to generate unique name and I think we might want to add data dir path to name generation as we do for main shared memory, however it is better to first completely understand the underneath issue. If I understand correctly, here the problem is due to the reason that the second user doesn't have appropriate access rights to access the object created by first user. On reading the documentation of CreateFileMapping(), it seems that user should have SeCreateGlobalPrivilege privilege to create an object in Global namespace. Can you once try giving that privilege to the users created by you? To give this privilege, go to control panel->System And Security->Administrative Tools->Local Security Policy->Local Policies->User Rights Assignment, in the right window, select Create global objects and double-click the same and add the newly created users. Rerun your test after these steps. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Fri, Mar 11, 2016 at 11:15 PM, Amit Kapila wrote: > On Fri, Mar 11, 2016 at 5:21 PM, Haribabu Kommi > wrote: >> >> On Fri, Mar 11, 2016 at 12:00 AM, Amit Kapila >> wrote: >> > >> > Okay, so one probable theory for such an error could be that when there >> > is >> > already an object with same name exists, this API requests access to the >> > that existing object and found that it can't access it due to some >> > reason. >> > On googling, I found some people suggesting to try by disabling UAC [1] >> > on >> > your m/c, can you once try that to see what is the result (this >> > experiment >> > is just to find out the actual reason of failure, rather than a >> > permanent >> > change suggestion). >> >> Thanks for the details. Currently I am unable to change the UAC settings >> in my >> laptop. I will try to do it in a different system and let you know the >> result later. >> >> >> >> >> I am not able to find the reason for this error. This error is >> >> occurring >> >> only >> >> when the PostgreSQL is started as a service only. >> >> >> > >> > Did you use pg_ctl register/unregister to register different services. >> > Can >> > you share the detail steps and OS version on which you saw this >> > behaviour? >> >> Operating system - windows 7 >> Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the >> problem) >> >> 1. Create two standard users in the system (test_user1 and test_user2) > > I think one possibility is that one user is not able to access the object > created by another user, if possible can you as well try with just one user > (Have same user for both the services). Yes, it is working as same user services. The main problem is, PostgreSQL as a service for two different users in the same system is not working because of same random getting generated for two services. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Fri, Mar 11, 2016 at 5:21 PM, Haribabu Kommi wrote: > > On Fri, Mar 11, 2016 at 12:00 AM, Amit Kapila wrote: > > > > Okay, so one probable theory for such an error could be that when there is > > already an object with same name exists, this API requests access to the > > that existing object and found that it can't access it due to some reason. > > On googling, I found some people suggesting to try by disabling UAC [1] on > > your m/c, can you once try that to see what is the result (this experiment > > is just to find out the actual reason of failure, rather than a permanent > > change suggestion). > > Thanks for the details. Currently I am unable to change the UAC settings in my > laptop. I will try to do it in a different system and let you know the > result later. > > > > >> I am not able to find the reason for this error. This error is occurring > >> only > >> when the PostgreSQL is started as a service only. > >> > > > > Did you use pg_ctl register/unregister to register different services. Can > > you share the detail steps and OS version on which you saw this behaviour? > > Operating system - windows 7 > Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the problem) > > 1. Create two standard users in the system (test_user1 and test_user2) I think one possibility is that one user is not able to access the object created by another user, if possible can you as well try with just one user (Have same user for both the services). With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Fri, Mar 11, 2016 at 12:00 AM, Amit Kapila wrote: > On Wed, Mar 9, 2016 at 5:46 PM, Haribabu Kommi > wrote: >> On Wed, Mar 9, 2016 at 10:06 PM, Amit Kapila >> wrote: >> > On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi >> > >> > wrote: >> >> >> >> >> >> I tried replacing the random() with PostmaterRandom() for a test and it >> >> worked. >> >> This is generating different random values, so the issue is not >> >> occurring. >> >> >> >> "Global/PostgreSQL.2115609797" >> >> >> >> I feel, we should add the the data directory path + the random number >> >> to >> >> generate the name for dynamic shared memory, this can fix problem. >> >> >> > >> > As mentioned above, I think if we can investigate why this error is >> > generated, that will be helpful. Currently the code ensures that if the >> > segment already exists, it should retry to create a segment with other >> > name >> > (refer dsm_impl_windows()), so the point of investigation is, why it is >> > not >> > going via that path? I am guessing due to some reason >> > CreateFileMapping() >> > is returning NULL in this case whereas ideally it should return the >> > existing >> > handle with an error ERROR_ALREADY_EXISTS. >> >> DEBUG: mapped win32 error code 5 to 13 >> >> Yes, the CreateFileMapping() is returning NULL with an error of >> ERROR_ACCESS_DENIED. >> > > Okay, so one probable theory for such an error could be that when there is > already an object with same name exists, this API requests access to the > that existing object and found that it can't access it due to some reason. > On googling, I found some people suggesting to try by disabling UAC [1] on > your m/c, can you once try that to see what is the result (this experiment > is just to find out the actual reason of failure, rather than a permanent > change suggestion). Thanks for the details. Currently I am unable to change the UAC settings in my laptop. I will try to do it in a different system and let you know the result later. >> I am not able to find the reason for this error. This error is occurring >> only >> when the PostgreSQL is started as a service only. >> > > Did you use pg_ctl register/unregister to register different services. Can > you share the detail steps and OS version on which you saw this behaviour? Operating system - windows 7 Binary - PostgreSQL 9.5 (This doesn't matter, 9.4+ can produce the problem) 1. Create two standard users in the system (test_user1 and test_user2) 2. Create two databases belongs each user listed above. 3. Now using pg_ctl register the services for the two users. 4. Provide logon permissions to these users to run the services by changing service properties. 5. Now try to start the services, the second service fails with the error message. 6. Error details can be found out in Event log viewer. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Wed, Mar 9, 2016 at 5:46 PM, Haribabu Kommi wrote: > On Wed, Mar 9, 2016 at 10:06 PM, Amit Kapila wrote: > > On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi < kommi.harib...@gmail.com> > > wrote: > >> > >> > >> I tried replacing the random() with PostmaterRandom() for a test and it > >> worked. > >> This is generating different random values, so the issue is not occurring. > >> > >> "Global/PostgreSQL.2115609797" > >> > >> I feel, we should add the the data directory path + the random number to > >> generate the name for dynamic shared memory, this can fix problem. > >> > > > > As mentioned above, I think if we can investigate why this error is > > generated, that will be helpful. Currently the code ensures that if the > > segment already exists, it should retry to create a segment with other name > > (refer dsm_impl_windows()), so the point of investigation is, why it is not > > going via that path? I am guessing due to some reason CreateFileMapping() > > is returning NULL in this case whereas ideally it should return the existing > > handle with an error ERROR_ALREADY_EXISTS. > > DEBUG: mapped win32 error code 5 to 13 > > Yes, the CreateFileMapping() is returning NULL with an error of > ERROR_ACCESS_DENIED. > Okay, so one probable theory for such an error could be that when there is already an object with same name exists, this API requests access to the that existing object and found that it can't access it due to some reason. On googling, I found some people suggesting to try by disabling UAC [1] on your m/c, can you once try that to see what is the result (this experiment is just to find out the actual reason of failure, rather than a permanent change suggestion). > > I am not able to find the reason for this error. This error is occurring only > when the PostgreSQL is started as a service only. > Did you use pg_ctl register/unregister to register different services. Can you share the detail steps and OS version on which you saw this behaviour? [1] - http://windows.microsoft.com/en-in/windows/turn-user-account-control-on-off#1TC=windows-7 With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Thu, Mar 10, 2016 at 5:30 AM, Robert Haas wrote: > On Wed, Mar 9, 2016 at 7:16 AM, Haribabu Kommi > wrote: >> On Wed, Mar 9, 2016 at 10:06 PM, Amit Kapila wrote: >>> On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi >>> wrote: I tried replacing the random() with PostmaterRandom() for a test and it worked. This is generating different random values, so the issue is not occurring. "Global/PostgreSQL.2115609797" I feel, we should add the the data directory path + the random number to generate the name for dynamic shared memory, this can fix problem. >>> >>> As mentioned above, I think if we can investigate why this error is >>> generated, that will be helpful. Currently the code ensures that if the >>> segment already exists, it should retry to create a segment with other name >>> (refer dsm_impl_windows()), so the point of investigation is, why it is not >>> going via that path? I am guessing due to some reason CreateFileMapping() >>> is returning NULL in this case whereas ideally it should return the existing >>> handle with an error ERROR_ALREADY_EXISTS. >> >> DEBUG: mapped win32 error code 5 to 13 >> >> Yes, the CreateFileMapping() is returning NULL with an error of >> ERROR_ACCESS_DENIED. >> I am not able to find the reason for this error. This error is occurring only >> when the PostgreSQL is started as a service only. > > Another question is: why are both postmasters returning the same > random number? That's not very, uh, random. The random number is generated from our own implementation of random function. The random function internally calls the pg_lrand48 function to get the random value. This function generates the random number based on specified random seed and pre-defined calculations. Because of this reason, the same random number is getting generated every time. In LInux, the random function is used from the glibc, there also it is generating the same random number as the first number, but if the number is used by some process then it is generating a different random number for the next PostgreSQL process. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Wed, Mar 9, 2016 at 7:16 AM, Haribabu Kommi wrote: > On Wed, Mar 9, 2016 at 10:06 PM, Amit Kapila wrote: >> On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi >> wrote: >>> >>> >>> I tried replacing the random() with PostmaterRandom() for a test and it >>> worked. >>> This is generating different random values, so the issue is not occurring. >>> >>> "Global/PostgreSQL.2115609797" >>> >>> I feel, we should add the the data directory path + the random number to >>> generate the name for dynamic shared memory, this can fix problem. >>> >> >> As mentioned above, I think if we can investigate why this error is >> generated, that will be helpful. Currently the code ensures that if the >> segment already exists, it should retry to create a segment with other name >> (refer dsm_impl_windows()), so the point of investigation is, why it is not >> going via that path? I am guessing due to some reason CreateFileMapping() >> is returning NULL in this case whereas ideally it should return the existing >> handle with an error ERROR_ALREADY_EXISTS. > > DEBUG: mapped win32 error code 5 to 13 > > Yes, the CreateFileMapping() is returning NULL with an error of > ERROR_ACCESS_DENIED. > I am not able to find the reason for this error. This error is occurring only > when the PostgreSQL is started as a service only. Another question is: why are both postmasters returning the same random number? That's not very, uh, random. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Wed, Mar 9, 2016 at 10:06 PM, Amit Kapila wrote: > On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi > wrote: >> >> >> I tried replacing the random() with PostmaterRandom() for a test and it >> worked. >> This is generating different random values, so the issue is not occurring. >> >> "Global/PostgreSQL.2115609797" >> >> I feel, we should add the the data directory path + the random number to >> generate the name for dynamic shared memory, this can fix problem. >> > > As mentioned above, I think if we can investigate why this error is > generated, that will be helpful. Currently the code ensures that if the > segment already exists, it should retry to create a segment with other name > (refer dsm_impl_windows()), so the point of investigation is, why it is not > going via that path? I am guessing due to some reason CreateFileMapping() > is returning NULL in this case whereas ideally it should return the existing > handle with an error ERROR_ALREADY_EXISTS. DEBUG: mapped win32 error code 5 to 13 Yes, the CreateFileMapping() is returning NULL with an error of ERROR_ACCESS_DENIED. I am not able to find the reason for this error. This error is occurring only when the PostgreSQL is started as a service only. Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Wed, Mar 9, 2016 at 11:46 AM, Haribabu Kommi wrote: > > > I tried replacing the random() with PostmaterRandom() for a test and it worked. > This is generating different random values, so the issue is not occurring. > > "Global/PostgreSQL.2115609797" > > I feel, we should add the the data directory path + the random number to > generate the name for dynamic shared memory, this can fix problem. > As mentioned above, I think if we can investigate why this error is generated, that will be helpful. Currently the code ensures that if the segment already exists, it should retry to create a segment with other name (refer dsm_impl_windows()), so the point of investigation is, why it is not going via that path? I am guessing due to some reason CreateFileMapping() is returning NULL in this case whereas ideally it should return the existing handle with an error ERROR_ALREADY_EXISTS. With Regards, Amit Kapila. EnterpriseDB: http://www.enterprisedb.com
[HACKERS] Re: [HACKERS] Re: [HACKERS] Re: [HACKERS] Windows service is not starting so there’s message in log: FATAL: "could not create shared memory segment “Global/PostgreSQL.851401618”: Permission
On Sun, Oct 18, 2015 at 1:03 AM, Tom Lane wrote: > Amit Kapila writes: >> On Sat, Oct 17, 2015 at 12:07 AM, Robert Haas wrote: >>> Maybe we need to be using PostmasterRandom() rather than random() for >>> the control segment name. > >> +1. Though I think it is better to investigate the actual cause before >> doing this. > > BackendRun() deliberately prevents that from working. And it also sets > srandom() to a new value for each subprocess, so that AFAICS this idea > would be a net negative. If you are seeing duplicate key values getting > selected, the problem is elsewhere. Coming back to an old thread, recently I got a problem in starting two PostgreSQL services with a user that is not an administrator. The error message is as follows. FATAL: could not create shared memory segment "Global/PostgreSQL.851401618": Permission denied The issue is happening only with the processes that are running as service. I observed that the handle received in creating the dynamic shared memory is same for two services, because of which the Access denied error is thrown by the operating system and thus it leads to failure. The PG shared memory name is always includes the data directory path as below, because of which it doesn't match with two services. "Global/PostgreSQL:C:/work/FEP/installation/bin/data" But whereas the dynamic shared memory is formed with a random number and this number getting generated same for two service thus it leads to failure. "Global/PostgreSQL.85140161" I tried replacing the random() with PostmaterRandom() for a test and it worked. This is generating different random values, so the issue is not occurring. "Global/PostgreSQL.2115609797" I feel, we should add the the data directory path + the random number to generate the name for dynamic shared memory, this can fix problem. comments? Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
