Subject Re: [Firebird-Architect] Firebird init script
Author Alex Peshkov
Rick Debay wrote:
> I couldn't find a firebird-linux developers list, but you can cross-post
> replies to that group and I'll continue in that thread.
> I found documentation covering some scripts at
> http://www.firebirdsql.org/manual/fbutils-scripts.html.
> Every script requires root permissions :-(
>

You had better use the general developers list, i.e.
firebird-devel@....

>
>>but that's how linux (and other known to me unixes) work now.
>
>
> Ahh, that's just how many admins run them. Since the widespread use of
> sudo and now PAM authentication modules, root access is practically
> archaic. I know AIX and others have their own group security
> mechanisms.
>

AIX is a commercial platform and this is the primary reason I'm not
familiar with it - why should I pay money for it if I'm satisfied with
linux? Certainly it's much better to have group security
mechanisms, but that's not enough reason for me to move to AIX. In
linux, which we were discussing initially (I talk now about Gentoo), I
can see:

    # Fix bug 48595
    if [[ $(id -u) != 0 ]]; then
        eerror "ERROR: must be root to run init scripts"
        exit 1
    fi

And this is done for any /etc/init.d script! Therefore I should say - as
soon as linux moves to group security, firebird on linux will do it too.
For AIX I see no problems having group security (I suppose it has some
support to do it easily).


>
>>There is one way to do it. There is user firebird, which can perform
>>server start-stop operations.
>>Just give him real shell and real password.
>
>
> IMHO firebird user should not be used, I equate it to the root user of
> Firebird. Also, if you have logging enabled you have no idea who
> actually performed the actions done as the firebird user. If Alice and
> Bob log in as themselves but are part of the firebird group, I can see
> from logs that Alice edited the firebird.conf file.
>
> After FB2 is final (or earlier), I'll post an
> /etc/permissions.d/firebird.secure file that shows what I think the
> permissions should be for FB2. I'll also post a portion of an
> /etc/sudoers file. If anyone has any suggestions as to what Linux
> commands a Firebird operator or DBA or both needs to run or files they
> need to edit, let me know so I can grant them in the sudoers file. For
> example, isql access can be granted to those who belong to the DBA
> sudoer alias, and gbak to those belonging to the OPERATOR alias.
>

This would be great. But before making it standard in linux, let's
decide - do we really need to use a security policy for the database
server that differs from the one of the host OS?
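
The sudoers arrangement Rick describes above (isql for a DBA alias, gbak for an OPERATOR alias, with each action logged under the real login name) could look like the fragment below. It is an added illustration, not part of either message and not a file shipped by the Firebird project. The user names, the /path/to/... binary locations, the init script name and the choice to run the tools as the firebird account are all assumptions.

```sudoers
# Constructed example: alice and bob are the sample users from the thread.
User_Alias  DBA      = alice
User_Alias  OPERATOR = bob

# Placeholder paths (assumption): replace with where your install puts the tools.
Cmnd_Alias  FB_ISQL = /path/to/firebird/bin/isql
Cmnd_Alias  FB_GBAK = /path/to/firebird/bin/gbak

# Assumed init script name; only the listed actions are allowed.
Cmnd_Alias  FB_INIT = /etc/init.d/firebird start, \
                      /etc/init.d/firebird stop, \
                      /etc/init.d/firebird restart

# Each sudo invocation is written to syslog with the invoking user's name,
# so the log shows alice or bob rather than a shared firebird login.
Defaults    syslog=authpriv

# isql has a SHELL command; NOEXEC keeps the sudo-run isql from starting
# other programs as the firebird account (where sudo's noexec is supported).
DBA       ALL = (firebird) NOEXEC: FB_ISQL

# Operators take backups as firebird and control the service as root,
# without anyone holding the firebird or root password.
OPERATOR  ALL = (firebird) FB_GBAK
OPERATOR  ALL = (root) FB_INIT
```

Check a fragment like this with `visudo -c -f <file>` before installing it, since a syntax error in sudoers can lock out sudo entirely.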