Subject Re: [ib-support] Linux Deployment FAQ?
Author Helen Borrie
At 01:00 AM 27/03/2003 +0000, you wrote:
>Well now that I've got this spiffy brand-new smp Linux server, and
>I've already installed FB 1.5 Beta4 for testing (since Sean convinced
>me to try Classic again!) After the initial install, everything
>works! Which I'm going to take as a good sign...
>However, being new to FB on Linux, I do have a few questions. If
>these are answered in some FB Linux FAQ that I missed, please feel
>free to flame me.
>1) It seems after the install that the SYSDBA account can create
>database files anywhere in the file system.

That's right. SYSDBA has God rights on the server.

>(This prompted me to go
>check out /etc/firebird.conf. There is an entry labeled 'Root
>Directory=', but the preceeding comment leads me to believe it is used
>to specify /usr/local/firebird instead of a root data file path.)

That's correct. It points to the location of the server and its bits and
pieces, not to databases.

> Is
>there a way to put FB into something like a "chroot jail", so I can
>restrict where FB can create new files?

From Firebird's p.o.v, database users (i.e. users present in the security
database) create database files. From the Linux p.o.v., Linux system users
have privileges with respect to the filesystem. You can associate a Linux
user name and/or group name with a database user name, via the
SYS_USER_NAME and GROUP_NAME columns in the USERS database. So it's up to
the root user (which on Linux has the same privileges as SYSDBA with
respect to the Fb server) to set up privileges to suit.

>2) Is there a 'recommended' location for storing/creating FB data
>files in Linux? I was thinking of creating an 'fbdata' user account
>and put all of the FB data files in /home/fbdata.

Not especially. Just ensure that the filesystem where you locate user
databases has the filesystem access protection required. I have one hard
disk where I store all user data. My Linux system sees it as /data.

>That way, the
>fbdata account could log in and perform backups on its home directory
>with no risk of damaging the data files since all data files seem to
>be owned by root. Is this reasonable?

Root has owner privileges to all files in all filesystems. SYSDBA has
owner privileges to all database files. Each database OWNER has owner
privileges to the database which it owns. (Any user can own a database, by
creating it.)

>3) Is there a reason why the entire /etc/firebird.conf file is
>commented-out by default?

Yes. The settings in the conf file are the installation defaults. So you
only need to uncomment those you actually change.