Subject Re: [firebird-support] FB users can do too much by default
Author Bc. Jiri Cincura
Vlada Macek wrote:
> Hi, I use firebird package 1.5.1-4 on Debian Sarge, have all fdb files
> in /var/lib/firebird2/data accessible only by aliases defined in
> /etc/firebird2/aliases.conf. I'm facing the following problem:
> With GSEC I create two users U1 and U2, both with UID matching their
> /etc/passwd UID's. U1 owns u1.fdb, U2 owns u2.fdb (ownership assigned
> with CREATE DATABASE command). Each creates some tables in his db.
> Now U1 is not able to SELECT from tables created by U2 in u2.fdb
> (permission denied, that's good), but U1 is able to create tables (and
> select from them) that he creates in u2.fdb. He also can list tables in
> u2.fdb.

Isn't U1 user something like root? If you want to disable unix passwords
and use *only* security database, check hosts.equiv, ...

> I would wish any access to databases be denied for users other than the
> db owner. Was unable to find any mention about it in the docs. Is it
> possible in some easy way?

I'm using FB on Slackware and there's no problem with users.

Bc. Jiri Cincura
ICQ: 314711544 | Yahoo!: x2develop