Subject Re: [IBPP-DISCUSS] [firebird-support] FB Embedded on Linux without need for root account
Author Micha Feigin
On Sat, 15 Jul 2006 11:52:20 +1000
Helen Borrie <helebor@...> wrote:


> >I worked with it a bit to get it to work, and a few straces later and several
> >file not found errors I found out that at least on my machine you need to
> >also create an empty run directory.
> That might have to do with the logged-in Linux user's file
> permissions. Unlike "full server", Embedded on Linux access the
> database file directly, so the logged-in user needs the proper
> permissions at both folder (rwx) and file (rw) levels. So, if the
> logged-in user belongs to a group that has these permissions at group
> level, everything should be like chocolate mousse.

It doesn't. If you look at the following dump from strace, the program tries to
stat run/isc_lock1.litshi and then open it, but since the directory run doesn't
exist the file can't be created. If you use the global firebird settings (by
adding the user to the firebird group instead of using the supplied
instructions), then it uses the global run directory (/usr/lib/firebird2/run on
debian) so there is no problem.

umask(0) = 022
stat64("/home/micha/dev/firebird/run/isc_lock1.litshi", 0xbfecb674) = -1 ENOENT (No such file or directory)
open("/home/micha/dev/firebird/run/isc_lock1.litshi", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0660) = -1 ENOENT (No such file or directory)
umask(022) = 0

> >On the other hand, why is all the fuss with the password file if you
> >can simply
> >import you own password file whenever you work with the embeded server.
> >Wouldn't it be simpler and lighter all around to just allow for an
> >empty/default username/password? (it would also save the 600K extra
> >file in the directory).
> would save 600K on disk but it would break the current
> authentication model. Fb 3.0 will have more authentication options.

With the embeded version authentication is useless since you can point firebird
to the current directory and put your own password file there.

> I wonder whether you (and Milan) know that you can set up the Linux
> user in the Firebird security database so that, if the Linux user is
> already logged in, it won't have to endure separate authentication
> when connecting to Firebird? Milan, this would be worth adding to
> your paper, with perhaps some reference to SQL privileges and Roles...

I didn't know, I will try and look at it, although I am still tying to find a
programmers guild it firebird. On the other hand, ibpp won't let you create a
new database object without at least a username so I don't think it's useful
from the programmers side. I'll be happy to learn differently.

> ../heLen
> +++++++++++++++++++++++++++++++++++++++++++
> This Mail Was Scanned By Mail-seCure System
> at the Tel-Aviv University CC.