| Subject | Re: [firebird-support] Re: SYSDBA, security and backups |
|---|---|
| Author | Ramiro Barreca |
| Post date | 2009-03-24T01:44:20Z |
Anyway the user/password of the owner needs to we hard-coded into the script
of a backup process.
Either on Linux or windows, the solution is to deny any access to this
scripts at OS security level.
At Linux you must set read and execution access to the script just to root
and/or firebird user. Nothing else is necesary to schedule the execution of
this script by crontab.
At Windows the .bat file must have just read access to Administrator or a
DBA. Then, by giving the user/password when setting the scheduled task for
this bat file, you protect SYSDBA's pass.
Ramiro Barreca
rbarreca@...
2009/3/23 Helen Borrie <helebor@...>
Ramiro Barreca
rbarreca@...
[Non-text portions of this message have been removed]
of a backup process.
Either on Linux or windows, the solution is to deny any access to this
scripts at OS security level.
At Linux you must set read and execution access to the script just to root
and/or firebird user. Nothing else is necesary to schedule the execution of
this script by crontab.
At Windows the .bat file must have just read access to Administrator or a
DBA. Then, by giving the user/password when setting the scheduled task for
this bat file, you protect SYSDBA's pass.
Ramiro Barreca
rbarreca@...
2009/3/23 Helen Borrie <helebor@...>
> At 09:37 AM 24/03/2009, you wrote:--
>
> >also, if I create a new user specifically for GBAK, what are the minimum
> rights i will need to assign?
>
> That's not it. The point is that only the SYSDBA or the database owner can
> do backups.
>
> So - create a new user that you intend to be the owner of the database and
> use Thomas' migrator tool to transfer *ownership* of the database and all
> its objects to that user.
>
> ./heLen
>
>
>
Ramiro Barreca
rbarreca@...
[Non-text portions of this message have been removed]