maria-developers team mailing list archive

[Vladislav Vaintroub <wlad@xxxxxxx>]

From: Peter Laursen [mailto:peter_laursen@xxxxxxxxxx] 
Sent: Monday, October 19, 2009 7:00 PM
To: Vladislav Vaintroub
Cc: Sergey Petrunya; Henrik Ingo; maria-developers@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Maria-developers] Windows installer, part 2

>@Vlad .. we have discussed that already - but the main reason is another: With UAC ('user account control') ON on Vista and higher even an admin user cannot write to 'program files' unless progeam is started with explicit admin >privilege. If server is isntalle to \program files and a user starts the server from command line *as a user*(NOTE: an admin user does not neccesarily have admin privileges with UAC on)  all writes will to to user's \virtualstore >folder - what means that database files will be duplicated: one copy for 'system' and one for 'user.
.
>Please try to understand the differences between WIndows 2000/XP/2003 on one side and Vista/2008/win7 on the other. I am referring to UAC. If you never used any Windows version higher than XP .. well then .. accept the limitation of >your experience.

I'm wondering how did you derive that:) I used to run Longhorn/Vista  betas since 2006,  Win7/2008R2 betas since January this year, so I do know pretty well the stuff you're talking about :)

>There will need an option for user to specify bot 'basedir' and 'datadir' independently.  default 'basedir' should be 'program files' - default datadir should be 'AppData'.

>This is the (mine) bug report where this discussion started in MySQL context:
>http://bugs.mysql.com/bug.php?id=34593

I wonder how can you read from my post that I suggested storing data in ProgramFiles?
In contrary, my position on that was always that
- it is bad to store data or config files in Program Files 
- it is bad to run MySQL service under administrative account and it is even worse to run it under SYSTEM.

The core of the UAC is dumbing down members of Administrators group to be a normal users by default. So now, if service would not run as high-privileged administrative account (it does not need any admin privileges), and installation would save config files in a place where they are editable, then users would not have to care or know anything about UAC. Also note, using least possible privileges is a prerequisite for passing formal MS certifications, since at least Windows2003 times. And please refer to my previous post about security - I described how improving security creates on the other hand user friendly UAC-popup-free experience.