Re: [firebird-support] gsec in Firebird 3.0
Unfortunately, Ubuntu 18.04 doesn't install any example database, that's why I resourced to security3.db I have a script that automates a server installation, changing SYSDBA password and adding users. I did that with gsec. I know that now I should do it with SQL sentences, but as I have no database, I have to use security3.db. Is it dangerous to use this database to add users ? Aldo El 12/07/18 a las 17:06, Mark Rotteveel m...@lawinegevaar.nl [firebird-support] escribió: On 12-7-2018 21:24, Aldo Caruso aldo.car...@argencasas.com [firebird-support] wrote: > thanks for your answer. > > One question related to changing SYSDBA password for the first time > without using gsec. > > I noticed that, as you have no other database than security3.fdb, > you must connect to it, but for doing so you can't use remote > connections ( not even localhost ) and, as you access directly to the > database file, you must run isql-fb as root. Also you need to stop the > service in order to have exclusive access to the database file. You could just connect to the employee example database (or any other local and accessible database) using an embedded connection (which should be the default when you don't specify a hostname) and create (or alter) the account there. I would suggest to explicitly specify the user manager plugin to use with the `USING PLUGIN ..` clause, so you don't accidentally create (or alter) less safe accounts using the legacy user manager if you didn't intended that (or vice versa). > So you must follow the following steps ( Ubuntu 18..04 ) > > > sudo service firebird3.0 stop > > sudo isql-fb -user sysdba -password security.db > > SQL> alter user sysdba set password ''; > > SQL> exit; > > sudo service firebird3.0 start > > > Is this sequence of steps correct ? It shouldn't be necessary, especially not as root. Mark -- Mark Rotteveel
Re: [firebird-support] gsec in Firebird 3.0
Vlad, Thanks for your answer. I added my account to firebird group and could run isql-fb. Aldo El 12/07/18 a las 16:44, hv...@users.sourceforge.net [firebird-support] escribió: > One question related to changing SYSDBA password for the first time without using gsec. > I noticed that, as you have no other database than security3.fdb, you must connect to it, > but for doing so you can't use remote connections ( not even localhost ) Correct > and, as you access directly to the database file, you must run isql-fb as root. Why do you think so ? You should be member of "firebird" group, created by installer. No need to be a root. Never. Regards, Vlad
Re: [firebird-support] gsec in Firebird 3.0
On 12-7-2018 21:24, Aldo Caruso aldo.car...@argencasas.com [firebird-support] wrote: > thanks for your answer. > > One question related to changing SYSDBA password for the first time > without using gsec. > > I noticed that, as you have no other database than security3.fdb, > you must connect to it, but for doing so you can't use remote > connections ( not even localhost ) and, as you access directly to the > database file, you must run isql-fb as root. Also you need to stop the > service in order to have exclusive access to the database file. You could just connect to the employee example database (or any other local and accessible database) using an embedded connection (which should be the default when you don't specify a hostname) and create (or alter) the account there. I would suggest to explicitly specify the user manager plugin to use with the `USING PLUGIN ..` clause, so you don't accidentally create (or alter) less safe accounts using the legacy user manager if you didn't intended that (or vice versa). > So you must follow the following steps ( Ubuntu 18.04 ) > > > sudo service firebird3.0 stop > > sudo isql-fb -user sysdba -password security.db > > SQL> alter user sysdba set password ''; > > SQL> exit; > > sudo service firebird3.0 start > > > Is this sequence of steps correct ? It shouldn't be necessary, especially not as root. Mark -- Mark Rotteveel
Re: [firebird-support] gsec in Firebird 3.0
>One question related to changing SYSDBA password for the first time > without using gsec. >I noticed that, as you have no other database than security3.fdb, you > must connect to it, >but for doing so you can't use remote connections ( not even localhost ) Correct >and, as you access directly to the database file, you must run isql-fb as > root. Why do you think so ? You should be member of "firebird" group, created by installer. No need to be a root. Never. Regards, Vlad
Re: [firebird-support] gsec in Firebird 3.0
Mark, thanks for your answer. One question related to changing SYSDBA password for the first time without using gsec. I noticed that, as you have no other database than security3.fdb, you must connect to it, but for doing so you can't use remote connections ( not even localhost ) and, as you access directly to the database file, you must run isql-fb as root. Also you need to stop the service in order to have exclusive access to the database file. So you must follow the following steps ( Ubuntu 18.04 ) sudo service firebird3.0 stop sudo isql-fb -user sysdba -password security.db SQL> alter user sysdba set password ''; SQL> exit; sudo service firebird3.0 start Is this sequence of steps correct ? Thanks, Aldo || El 12/07/18 a las 15:37, Mark Rotteveel m...@lawinegevaar.nl [firebird-support] escribió: On 12-7-2018 16:24, Aldo Caruso aldo.car...@argencasas.com [firebird-support] wrote: > Hello, > > The gsec utility still exists in Firebird 3.0.2 ( Ubuntu 18.04 > distribution ), although its man page states that it is deprecated. > I tested it and works. I have some scripts that use it in order to > add users. > Is it still reliable to use it or should I have to rewrite those > scripts invoking isql-fb with the new command "create user" ? Deprecated doesn't mean it doesn't work, it means that it is advisable to stop using it and that it is may be removed in a future. In other words: you can use it, but you should consider moving to SQL user management so you don't run into problems when gsec is removed. One of the downsides of gsec is that it doesn't have support for multiple user managers, so you can only use the user manager that is first in the configured list. It also doesn't support some of the newer features (like user tags). I believe there are some more downsides, but I can't readily think of them. Also consider this: dialect 1 has been deprecated since InterBase 6 back at the turn of the century, and yet Firebird still supports it... Mark -- Mark Rotteveel
Re: [firebird-support] gsec in Firebird 3.0
On 12-7-2018 16:24, Aldo Caruso aldo.car...@argencasas.com [firebird-support] wrote: > Hello, > > The gsec utility still exists in Firebird 3.0.2 ( Ubuntu 18.04 > distribution ), although its man page states that it is deprecated. > I tested it and works. I have some scripts that use it in order to > add users. > Is it still reliable to use it or should I have to rewrite those > scripts invoking isql-fb with the new command "create user" ? Deprecated doesn't mean it doesn't work, it means that it is advisable to stop using it and that it is may be removed in a future. In other words: you can use it, but you should consider moving to SQL user management so you don't run into problems when gsec is removed. One of the downsides of gsec is that it doesn't have support for multiple user managers, so you can only use the user manager that is first in the configured list. It also doesn't support some of the newer features (like user tags). I believe there are some more downsides, but I can't readily think of them. Also consider this: dialect 1 has been deprecated since InterBase 6 back at the turn of the century, and yet Firebird still supports it... Mark -- Mark Rotteveel