Subject | Re: [Firebird-Architect] Firebird init script |
---|---|
Author | Alex Peshkov |
Post date | 2006-03-26T09:12:43Z |
Rick Debay wrote:
> If this hasn't been fixed per Pavel's comment, I'd like to suggest that
> anyone belonging to the firebird group be allowed to start or stop the
> server. Then the SYSDBA password won't be in clear-text in the init
> script.
>
> -----Original Message-----
> From: firebird-support@yahoogroups.com
> [mailto:firebird-support@yahoogroups.com] On Behalf Of Rick Debay
> Sent: Tuesday, March 21, 2006 6:20 PM
> To: firebird-support@yahoogroups.com
> Subject: [firebird-support] Firebird init script
>
> Can someone comment on Pavel's comment in the Firebird init script?
>
> # WARNING: in a real-world installation, you should not put the
> # SYSDBA password in a publicly-readable file.
> # Eventually this file should not need to contain any passwords.
> # as root user alone should be sufficient privledge to stop/start
> # the server.
>
> Has this been fixed? Shouldn't anyone belonging to the firebird group
> be allowed to stop/start the server?
> Would a PAM be useful here?
>
Keeping password in any 'encrypted' way, which may be used to connect to
firebird as sysdba is not a way to go. In fb2 there is no sysdba
password in init script at all - and after fb2 release (or even sooner,
if it will take a long time) I can port this to vulcan.
Ability to start and stop firebird will depend only on the ability of
a member of a group to kill a process belonging to user firebird and to
start it with 'su firebird'. Right now I'm not sure whether it is possible
or not. If not, this means that OS security prohibits such activity. And
I don't see any good reasons to violate OS rules.
For a production system the suggested feature is a bad thing. For development
- maybe, good. But I'm sure developers can solve such a problem
themselves, violating OS security on their development system.
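
The warning quoted from the init script (no SYSDBA password in a publicly-readable file) can be checked mechanically. The following is an added example, not part of the original post or of the Firebird init script: the function name, the assignment pattern and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an init script by whether it embeds a password
# assignment and who, besides the owner, can read the file.

# Prints one of: clean, world-readable-secret, group-readable-secret,
# owner-only-secret. Always returns 0 so it is safe under `set -e`.
classify_init_script() {
    f=$1
    # Assumption: credentials appear as shell assignments whose variable
    # name ends in PASSWORD or PASSWD (for example ISC_PASSWORD=...).
    # The pattern is anchored at line start, so commented lines are skipped.
    if ! grep -Eiq '^[[:space:]]*(export[[:space:]]+)?[A-Za-z0-9_]*(PASSWORD|PASSWD)=' "$f"; then
        echo clean
        return 0
    fi
    # find -perm -MODE matches only when every bit in MODE is set.
    if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
        echo world-readable-secret      # the case the init script warns about
    elif [ -n "$(find "$f" -prune -perm -040 -print)" ]; then
        echo group-readable-secret      # every member of the file's group can read it
    else
        echo owner-only-secret          # still a stored credential, but owner-only
    fi
    return 0
}

# Demo on a constructed sample (not the real Firebird init script).
demo_dir=$(mktemp -d)
cat > "$demo_dir/firebird.init" <<'EOF'
# constructed sample init fragment
ISC_USER=SYSDBA
ISC_PASSWORD=constructed-example
EOF
for mode in 644 640 600; do
    chmod "$mode" "$demo_dir/firebird.init"
    echo "mode $mode: $(classify_init_script "$demo_dir/firebird.init")"
done
rm -rf "$demo_dir"
```
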