| Subject | FB users can do too much by default |
|---|---|
| Author | Vlada Macek |
| Post date | 2005-11-09T13:35:01Z |
Hi, I use firebird package 1.5.1-4 on Debian Sarge, have all fdb files
in /var/lib/firebird2/data accessible only by aliases defined in
/etc/firebird2/aliases.conf. I'm facing the following problem:
With GSEC I create two users U1 and U2, both with UID matching their
/etc/passwd UID's. U1 owns u1.fdb, U2 owns u2.fdb (ownership assigned
with CREATE DATABASE command). Each creates some tables in his db.
Now U1 is not able to SELECT from tables created by U2 in u2.fdb
(permission denied, that's good), but U1 is able to create tables (and
select from them) that he creates in u2.fdb. He also can list tables in
u2.fdb.
I would wish any access to databases be denied for users other than the
db owner. Was unable to find any mention about it in the docs. Is it
possible in some easy way?
Thanks in advance.
--
\//\/\
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)
in /var/lib/firebird2/data accessible only by aliases defined in
/etc/firebird2/aliases.conf. I'm facing the following problem:
With GSEC I create two users U1 and U2, both with UID matching their
/etc/passwd UID's. U1 owns u1.fdb, U2 owns u2.fdb (ownership assigned
with CREATE DATABASE command). Each creates some tables in his db.
Now U1 is not able to SELECT from tables created by U2 in u2.fdb
(permission denied, that's good), but U1 is able to create tables (and
select from them) that he creates in u2.fdb. He also can list tables in
u2.fdb.
I would wish any access to databases be denied for users other than the
db owner. Was unable to find any mention about it in the docs. Is it
possible in some easy way?
Thanks in advance.
--
\//\/\
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)