I am wondering if there is something wrong with my installation, or
maybe I am misunderstanding how this should work.

I have FB 1.02 running on Red Hat 7.2 - according to the Interbase
Operations Guide, on unix the database will authorise user access on
the basis of the existence of operating system users. However, if I u
(as a non-root user) run /opt/interbase/bin/isql without specifying a
username on the command line, I am not only allowed to connect to the
locally running database, but I also have access to table data. Is
this the correct behaviour? I would have expected that I could
connect to the db (having been authorised as an OS user), but I would
also expect that I would be unable to access the table data unless
this unix user belonged to a group that corresponded to a SQL role.

I am using the following connect string within isql, which I believe
means that the connection is remote rather than local:
<servernam>:/opt/interbase/examples/employee.gdb

My concern is that Firebird is completely bypassing all
authorisation, even though this is a remote connection.