Rick Debay wrote:

> The problem is that by making root the only account that can maintain
> the system, everyone is required to have root access and that security
> hole is by far the worst.

This is really reasonable. But it seems it should be discussed in
another place - somewhere like linux developers list. Yes, need for root
access to perform any admin task is not good - but that's how linux (and
other known to me unixes) work now. Making revolution for one database
server - suspicious thing.

> This problem is greatly reduced by blocking remote root access,
> requiring wheel membership to su to root, and seperating root
> permissions out to those who need it in the sudoers file. However,
> sudoer files can become very complex very quickly, and it's easy to
> accidentally lock someone out or grant unwanted permissions. I'd be
> prone to give Joe Database Operator and Jane Database Operator
> permissions (by group membership) to run all scripts and programs
> belonging to the firebird group. That way they can backup, sweep,
> bounce the server, etc. But root (or a System Operator alias in
> sudoers) would be required to upgrade the server code or change the
> server's runlevel.
>

There is one way to do it. There is user firebird, which can perform
server start-stop operations. Just give him real shell and real
password. What about database backup, etc. - this is sysdba's task, and
the fact of presence of one and only one sysdba is internal firebird
problem, which should be solved in future releases.