| Subject | RE: [firebird-support] Firebird init script |
|---|---|
| Author | Rick Debay |
| Post date | 2006-03-23T17:47:11Z |
My bad. The SYMLINK permissions are what I was looking at. The actual
script the symlink points to is viewable by root only.
Still, it's not good practice to leave passwords lying around in the
clear.
Rick DeBay
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Rick Debay
Sent: Thursday, March 23, 2006 12:43 PM
To: firebird-support@yahoogroups.com
Cc: pcisar@...
Subject: RE: [firebird-support] Firebird init script
implemented? The init script is WORLD readable, so anyone can find the
SYSDBA password if they are allowed to log on to the server, even as a
n00b guest.
restart firebird? There is a firebird user, and a firebird group. I
would expect that the firebird user, or a member of the firebird group,
be allowed to have operator privileges. I'm not talking about someone
who can log on to the database, but a user on the box who belongs to the
group that the install script created.
Rick DeBay
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Helen Borrie
Sent: Tuesday, March 21, 2006 7:14 PM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Firebird init script
At 10:19 AM 22/03/2006, you wrote:
understand what would be broken by stopping the server and wouldn't do
it for ad hoc purposes just to please one user of one database.
./heLen
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://firebird.sourceforge.net and click the Resources item on
the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://firebird.sourceforge.net and click the Resources item on
the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
script the symlink points to is viewable by root only.
Still, it's not good practice to leave passwords lying around in the
clear.
Rick DeBay
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Rick Debay
Sent: Thursday, March 23, 2006 12:43 PM
To: firebird-support@yahoogroups.com
Cc: pcisar@...
Subject: RE: [firebird-support] Firebird init script
> What's to fix?Let me rephrase. Has the change mentioned in the comment been
implemented? The init script is WORLD readable, so anyone can find the
SYSDBA password if they are allowed to log on to the server, even as a
n00b guest.
>>Shouldn't anyone belonging to the firebird group be allowed tostop/start the server?
> Heaven forbid.Why is it (from Pavel Cisar's comment) the intention that only root can
restart firebird? There is a firebird user, and a firebird group. I
would expect that the firebird user, or a member of the firebird group,
be allowed to have operator privileges. I'm not talking about someone
who can log on to the database, but a user on the box who belongs to the
group that the install script created.
Rick DeBay
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Helen Borrie
Sent: Tuesday, March 21, 2006 7:14 PM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Firebird init script
At 10:19 AM 22/03/2006, you wrote:
>Can someone comment on this comment in the Firebird init script?What's to fix?
>
># WARNING: in a real-world installation, you should not put the #
>SYSDBA password in a publicly-readable file.
># Eventually this file should not need to contain any passwords.
># as root user alone should be sufficient privledge to stop/start # the
>server.
>
>Has this been fixed?
>Shouldn't anyone belonging to the firebird group be allowed toHeaven forbid. One would hope at least that the root user would
>stop/start the server?
understand what would be broken by stopping the server and wouldn't do
it for ad hoc purposes just to please one user of one database.
./heLen
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://firebird.sourceforge.net and click the Resources item on
the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://firebird.sourceforge.net and click the Resources item on
the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links