Subject Re: [firebird-support] security and local Linux users
Author Helen Borrie
At 09:45 PM 14/08/2004 +0200, you wrote:

>I'm new to Firebird. I'm looking at it with a view to collecting information
>for an article on "alternative" (i.e. non-dolphin orientated, or "better")
>open source databases.
>I have installed the current Linux 1.5.1 Superserver rpm on SUSE Linux 9.1
>it's running fine. I've been experimenting with user permissions and I notice
>that it is possible to connect to the sample "employees" database and also to
>the security database as _any_ Linux user on the local system without
>providing a username and password, and without that user being registered in
>the Firebird security database (the only user in security.fdb at this point
>is SYSDBA). I can then both modify data and create tables and databases.
>SELECT user FROM RDB$DATABASE shows the name of the Linux user.
>With other databases I'm familiar with (particularly MySQL, PostgreSQL
>and Oracle) it's only possible connect to the database as a database user,
>and actions are of course limited to that user's permissions.
>My questions are:
>- is this normal behaviour for Firebird?

Yes. Except for Win32 embedded, you can't connect to a database without a
valid username and password. And only the sysdba can add or change users
and passwords.

>- how can I force local users only to connect with a valid database
>username /

They don't have any option.

>- is there any documentation on this?

It's servername:/path/to/database.file. In 1.5 you can alias the database
path - documentation in v.1.5 releasenotes (downloadable from Main Downloads page if you don't have them). Other
parameters are username, password, character set and dialect. You send all
of these parameters in a database parameter buffer from your client program.

If "anyone" is able to connect to any database locally without providing
user name and password, then you have the ISC_USER and ISC_PASSWORD
variables in your world-readable environment. That is not cool. Yesterday
you were looking for ways to avoid typing can't have butter
on both sides of the bread.

No user except sysdba, root and the database owner can see anything inside
a database unless it has SQL permissions for the objects it wants to see,
and their dependencies.

However, there's one nasty: any user with a valid login can CREATE (and
thus OWN) a database, or create (and thus own) new objects in an existing
database. In v.1.5 and on, you can help to make it harder by using path
aliasing and also restricting the locations where the server is allowed to
read or write database files (DatabaseAccess in firebird.conf).