maria-developers team mailing list archive

["Vladislav Vaintroub" <wlad@xxxxxxxxxxxxxxxx>]

> -----Original Message-----
> From: maria-developers-bounces+wlad=montyprogram.com@xxxxxxxxxxxxxxxxxxx [mailto:maria-developers-
> bounces+wlad=montyprogram.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Arjen Lentz
> Sent: Mittwoch, 2. Februar 2011 01:41
> To: maria-developers
> Subject: Re: [Maria-developers] Windows installer MWL#55 finished.
> 
> Hi Peter, all
> 
> On 02/02/2011, at 8:24 AM, Peter Laursen wrote:
> > Also isn't 'NT AUTHORITY\SYSTEM' what user account MySQL normally
> > uses?  But using \Network Service may be an improvement .. I
> > remember we had some discussions. :-)


> 
> Could it have its own account?
> MSSQL probably ties in with lots of other things, mysqld is pretty
> self-contained and just needs network access and its local directory
> tree.

Hi Arjen,
yes, it could.  One of the problems with own account is  password management - password complexity and expiration as in local/global
policies. An account with no password cannot run services. If password has expired, service does not start.   

I believe write-restricted service (Vista feature, own security identifier per service) is exactly what a security-concerned admin
would need in this case, though I did not found time yet to investigate it.