Subject Re: [firebird-support] Permissions
Author Brad Pepers
David Johnson wrote:
> It took me a bit to figure it out.
> If you use local connections (/directory/whatever), then your baseline
> authority is the file authority that you have as a linux user, with
> firebird internal security applied on top of that.
> If you use IP connections (localhost:3050:whatever), then your authority
> is the authority that the user ID that launched firebird has, with
> firebird internal security applied on top of that.
> I have a user called "firebird", with its own home directory. My
> databases are all encapsulated under the firebird directory. Firebird
> (the application) is launched as a service under the firebird user
> authority.
> If I connect via IP connection, firebird has all of the authority it
> needs. If I connect using just the file path, then my login's authority
> is used. If I want to address something in the firebird home directory,
> including my databases, then I must be a member of the firebird group.

Alright then so when I'm connecting directly using fbembed on the one
hand my application is connecting to the database directly so as long as
the file is readable to the user then thats fine but there is also an
fb_lock_mgr process kicked off which needs access to the file *and* my
application will need to be able to read the security.fdb file so I need
read permission to that as well (and perhaps the lock manager does
too?). So this can all be done by making a "firebird" user and having
all the files owned that way and have the current user in the "firebird"
group but can't I also set it up so that all the files are owned by the
current user (the database to connect to and security.fdb and any log
files and such)?

I'm trying to enable an easy install of our software for non-root users
on Linux which means no creating users or anything like that. I want to
run Firebird out of a single directory under the users home directory
and I hope its possible to setup this way.

Thanks for your input (and Helen's too!) on this!

Brad Pepers