Subject Proposed addition to database parameter block
I've been working on Firebird and have an addition to propose. I
am looking for feedback and discussion on this. Here is the problem (as
paraphrased from Ann):

> At the moment, on UNIX, OS
> level database protection is too rigid for most applications because the
> OS level user and the database user are the same. If I own a database
> and
> want to have exclusive read/write access at the file level, I must allow
> all database users to masquerade as me to get around the operating
> system
> restricting. Unfortunately, masquerading as me to the operating system
> also makes them me to InterBase, defeating SQL-level security. Both the
> OS and the database use the euid to establish identity.

The solution I have come up with is to add another option to the
database parameter block (dpb). This option will instruct the engine to
use the real uid of the user instead of the effective uid. In my
current implementation the option is called isc_dpb_use_real_uid (I'm
sure this will be the subject of much debate :). In addition to adding
the definition for the isc_dpb_use_real_uid constant, there are some
other changes necessary:

1. The addition of a BOOLEAN parameter to ISC_get_user to instruct
it to use the real uid.
2. The addition of a BOOLEAN parameter to SLC_init for the same
reason as (1).
3. The addition of a BOOLEAN field to DPB (options structure) in
jrd.c to store the new option.
4. The addition of code in jrd.c to read the option out of the dpb.

This change will not effect the default operation of the engine.
Looking through the option parsing code in jrd.c it ignores any unknown
option so the change shouldn't introduce any backwards incompatibility
for client applications. I have the change implemented and it works as
advertised. Your feedback is appreciated.