Subject Re: [ib-support] Linux Deployment FAQ?
Author Helen Borrie
At 01:00 AM 27/03/2003 +0000, you wrote:
>Hi,
>
>Well now that I've got this spiffy brand-new smp Linux server, and
>I've already installed FB 1.5 Beta4 for testing (since Sean convinced
>me to try Classic again!) After the initial install, everything
>works! Which I'm going to take as a good sign...
>
>However, being new to FB on Linux, I do have a few questions. If
>these are answered in some FB Linux FAQ that I missed, please feel
>free to flame me.
>
>1) It seems after the install that the SYSDBA account can create
>database files anywhere in the file system.

That's right. SYSDBA has God rights on the server.

>(This prompted me to go
>check out /etc/firebird.conf. There is an entry labeled 'Root
>Directory=', but the preceding comment leads me to believe it is used
>to specify /usr/local/firebird instead of a root data file path.)

That's correct. It points to the location of the server and its bits and
pieces, not to databases.

> Is
>there a way to put FB into something like a "chroot jail", so I can
>restrict where FB can create new files?

From Firebird's p.o.v., database users (i.e. users present in the security
database) create database files. From the Linux p.o.v., Linux system users
have privileges with respect to the filesystem. You can associate a Linux
user name and/or group name with a database user name, via the
SYS_USER_NAME and GROUP_NAME columns in the USERS database. So it's up to
the root user (which on Linux has the same privileges as SYSDBA with
respect to the Fb server) to set up privileges to suit.


>2) Is there a 'recommended' location for storing/creating FB data
>files in Linux? I was thinking of creating an 'fbdata' user account
>and put all of the FB data files in /home/fbdata.

Not especially. Just ensure that the filesystem where you locate user
databases has the filesystem access protection required. I have one hard
disk where I store all user data. My Linux system sees it as /data.

>That way, the
>fbdata account could log in and perform backups on its home directory
>with no risk of damaging the data files since all data files seem to
>be owned by root. Is this reasonable?

Root has owner privileges to all files in all filesystems. SYSDBA has
owner privileges to all database files. Each database OWNER has owner
privileges to the database which it owns. (Any user can own a database, by
creating it.)

>3) Is there a reason why the entire /etc/firebird.conf file is
>commented-out by default?

Yes. The settings in the conf file are the installation defaults. So you
only need to uncomment those you actually change.

heLen