| Subject | security and local Linux users |
|---|---|
| Author | Ian Barwick |
| Post date | 2004-08-14T19:45:52Z |
I'm new to Firebird. I'm looking at it with a view to collecting information
for an article on "alternative" (i.e. non-dolphin orientated, or "better")
open source databases.
I have installed the current Linux 1.5.1 Superserver rpm on SUSE Linux 9.1 and
it's running fine. I've been experimenting with user permissions and I notice
that it is possible to connect to the sample "employees" database and also to
the security database as _any_ Linux user on the local system without
providing a username and password, and without that user being registered in
the Firebird security database (the only user in security.fdb at this point
is SYSDBA). I can then both modify data and create tables and databases.
SELECT user FROM RDB$DATABASE shows the name of the Linux user.
With other databases I'm familiar with (particularly MySQL, PostgreSQL
and Oracle) it's only possible connect to the database as a database user,
and actions are of course limited to that user's permissions.
My questions are:
- is this normal behaviour for Firebird?
- how can I force local users only to connect with a valid database username /
password?
- is there any documentation on this?
Thanks for any answers and apologies in advance if I've overlooked something
blindingly obvious.
Ian Barwick
for an article on "alternative" (i.e. non-dolphin orientated, or "better")
open source databases.
I have installed the current Linux 1.5.1 Superserver rpm on SUSE Linux 9.1 and
it's running fine. I've been experimenting with user permissions and I notice
that it is possible to connect to the sample "employees" database and also to
the security database as _any_ Linux user on the local system without
providing a username and password, and without that user being registered in
the Firebird security database (the only user in security.fdb at this point
is SYSDBA). I can then both modify data and create tables and databases.
SELECT user FROM RDB$DATABASE shows the name of the Linux user.
With other databases I'm familiar with (particularly MySQL, PostgreSQL
and Oracle) it's only possible connect to the database as a database user,
and actions are of course limited to that user's permissions.
My questions are:
- is this normal behaviour for Firebird?
- how can I force local users only to connect with a valid database username /
password?
- is there any documentation on this?
Thanks for any answers and apologies in advance if I've overlooked something
blindingly obvious.
Ian Barwick