| Subject | Re: Delegating SYSDBA and enumerating users |
|---|---|
| Author | |
| Post date | 2017-02-23T09:17:14Z |
A little sample with Firebird 2.5
I added ordinary users 'user1' and 'user2' and admin user 'adm1'.
Now try to display list of users
1. Use sysdba account:
firebird\bin>gsec -user sysdba -pass masterkey -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Of course, sysdba could see all users.
You see - adm1 is really admin user while user1 and user2 are not admins.
2. Ordinary users could see itself only:
firebird\bin>gsec -user user1 -pass u1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
USER1 0 0
3. What about non-sysdba admin ?
firebird\bin>gsec -user adm1 -pass adm1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
ADM1 0 0 admin
Something wrong ? Let see next sample
4. Specify admin role:
firebird\bin>gsec -user adm1 -pass adm1 -role rdb$admin -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Is it what you need ?
Regards,
Vlad
I added ordinary users 'user1' and 'user2' and admin user 'adm1'.
Now try to display list of users
1. Use sysdba account:
firebird\bin>gsec -user sysdba -pass masterkey -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Of course, sysdba could see all users.
You see - adm1 is really admin user while user1 and user2 are not admins.
2. Ordinary users could see itself only:
firebird\bin>gsec -user user1 -pass u1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
USER1 0 0
3. What about non-sysdba admin ?
firebird\bin>gsec -user adm1 -pass adm1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
ADM1 0 0 admin
Something wrong ? Let see next sample
4. Specify admin role:
firebird\bin>gsec -user adm1 -pass adm1 -role rdb$admin -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Is it what you need ?
Regards,
Vlad