1. Requiring access to the security database is a change in behaviour
from Firebird 2.1 and breaks any implementation that relied on this.

2. What's wrong with respecting the FIREBIRD environment variable
setting? In the past this worked consistently across all platforms and
allowed both test environments to be readily set up and environments
where the user did not have root access.

3. I am trying to think of a security threat that is being countered by
ignoring the environment variable but I can't think of one.

- normal Unix permissions protect access to Firebird Databases
independent of the security database.
- the role of the security database is to control server based access to
remote users and local users that do not have local access rights to a
database.

4. The embedded server should allow a user to access common databases
when the user is in the firebird group and any local databases that they
own. However, forcing a user to be a member of the firebird group in
order to access their own databases potentially allows them access to
common databases (including the security database) to which they would
not have otherwise been granted access. This appears to be a serious
disbenefit resulting from the change in behaviour.

On 26/03/14 06:31, Alex Peshkoff wrote:
> On 03/25/14 18:13, Tony Whyman wrote:
>> Talk of libfbembed has reminded me of a problem I have been having with
>> the debian/ubuntu builds for Firebird 2.5. It seems that the embedded
>> server for this build (and possibly others) insists on being able to
>> access the security2.fdb in /var/lib/firebird/2.5/system and refuses to
>> run if the current user does not have read/write access.
> That's correct behavior. Users who need embedded access must be in 
> firebird group.
>
>> Setting the
>> FIREBIRD environment variable does not help.
>>
>> It looks like the macro BOOT_BUILD needs to be defined in the build
>> process to avoid this behaviour (see common/utils.cpp line 930).
> It does not affect OS access rights. And it will break debian build.
>
>>   Before
>> I submit a bug report, can anyone confirm that this is correct and that
>> setting this macro would not have undesirable consequences for the
>> classic or super classic servers.
>>
>> Tony Whyman
>> MWA
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/13534_NeoTech
>> Firebird-Devel mailing list, web interface at 
>> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>>
>>
>
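
An audit sketch for the concern raised in point 4 of the message above, added here as an example and not part of the original thread: it lists the files under a directory that membership of a group makes readable or writable through the group permission bits. The function names are hypothetical; the `firebird` group and the path in the usage comment are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report what membership of a group
# exposes under a directory tree, using plain Unix permission bits.
# The group name and directory are supplied by the caller.

# _group_files GROUP DIR OCTAL_BIT
# Regular files under DIR whose group is GROUP and that have OCTAL_BIT set.
_group_files() {
    find "$2" -type f -group "$1" -perm "-$3" -print 2>/dev/null | sort
}

# Files a member of GROUP can read (040) or write (020) via the group bits.
group_readable() { _group_files "$1" "$2" 040; }
group_writable() { _group_files "$1" "$2" 020; }

# group_exposure GROUP DIR
# One line per exposed file: "rw", "r-" or "-w", then the path.
group_exposure() {
    readable=$(group_readable "$1" "$2")
    writable=$(group_writable "$1" "$2")
    printf '%s\n%s\n' "$readable" "$writable" | sort -u | while IFS= read -r f; do
        [ -n "$f" ] || continue
        r='-'; w='-'
        printf '%s\n' "$readable" | grep -Fxq -- "$f" && r='r'
        printf '%s\n' "$writable" | grep -Fxq -- "$f" && w='w'
        printf '%s%s %s\n' "$r" "$w" "$f"
    done
}

# Run as a script: ./exposure.sh firebird /var/lib/firebird/2.5/system
if [ "$#" -eq 2 ]; then
    group_exposure "$1" "$2"
fi
```

Every line it prints is a file that a user gains access to on being added to the group, whether or not they own it.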

