Hi Peter, all On 02/02/2011, at 8:24 AM, Peter Laursen wrote:
Also isn't 'NT AUTHORITY\SYSTEM' what user account MySQL normally uses? But using \Network Service may be an improvement .. I remember we had some discussions. :-)
Yes, there were some discussion indeed in the bugdb.. http://bugs.mysql.com/bug.php?id=45216 (filed by you) for example .System account is the most powerful account, it is the same as “root” on Unix. That is, a bug in mysqld.exe (buffer overflow or something like that) potentially compromises the whole machine. How this could stay this way and pass all Sun and Oracle security reviews, is something I completely fail to understand.
NetworkService has by far less privileges, it does not need password and it can talk Kerberos (good property, as I think at some point Windows authentication will be in Maria as well). SQLServer is using NetworkService to run, so it can’t be wrong.
Then I have a good question! If I install MariaDB with "mysqld - install' command from the .zip distribution under what user account will the service run (SYSTEM or NETWORK) ? I guess that in this respect MariaDB code is not different from MySQL? :-)
And also there seems to be no 64 bit .zip?
Could it have its own account? MSSQL probably ties in with lots of other things, mysqld is pretty self-contained and just needs network access and its local directory tree. Regards, Arjen. -- Arjen Lentz, Exec.Director @ Open Query (http://openquery.com) Remote expertise & maintenance for MySQL/MariaDB server environments. Follow us at http://openquery.com/blog/ & http://twitter.com/openquery