On Thu, 2005-09-15 at 12:58 +1000, Helen Borrie wrote:

> At 06:48 PM 14/09/2005 -0600, you wrote:
> >Is there a document on how permissions work for database access on Linux
> >using FirebirdCS 1.5.2?
>
> Yes, there's a piece about it in the Fb 1.5 release notes, in the Linux
> installation section, though it doesn't give you an explicit rundown of
> what the perms have to be in the case of a Linux direct connection.
>
> >I'm afraid the whole system is baffling to me.
>
> Me too. :-)
>

It took me a bit to figure it out.

If you use local connections (/directory/whatever), then your baseline
authority is the file authority that you have as a linux user, with
firebird internal security applied on top of that.

If you use IP connections (localhost:3050:whatever), then your authority
is the authority that the user ID that launched firebird has, with
firebird internal security applied on top of that.

I have a user called "firebird", with its own home directory. My
databases are all encapsulated under the firebird directory. Firebird
(the application) is launched as a service under the firebird user
authority.

If I connect via IP connection, firebird has all of the authority it
needs. If I connect using just the file path, then my login's authority
is used. If I want to address something in the firebird home directory,
including my databases, then I must be a member of the firebird group.

hope this helps,

David Johnson