On 07/15/2015 01:24 PM, Dmitry Yemanov wrote:
> 15.07.2015 13:14, Alex Peshkoff wrote:
>
>> I worry more about SQL-based management. Creating the first user is a
>> required step not only for initializing security3.fdb, it's also required
>> when a new security database (non-default) is to be added to the server.
>> Maybe play this trick if an explicit user switch is not provided (i.e. the
>> OS user name is used) in an embedded attachment and an attempt is made to
>> add SYSDBA in any case, not only in gsec?
> Maybe, but we should not limit the solution to SYSDBA only. If someone
> wants to avoid SYSDBA at all and initialize the security database with
> gsec -add mydba -pw mypassword [s]he should not specify -user sysdba
> either (it does not exist and hence looks weird too).
>
For that trick to be efficient, mydba had better also be the owner of the
security database one creates. To achieve this, one should first of all
add something like
mysec = /var/mysecurity.db
{
    RemoteAccess = false
    SecurityDatabase = mysec
    DefaultDbCachePages = 50
}
to databases.conf (path used is just a dumb example). Next create that
database as mydba:
# ./isql -user mydba
Use CONNECT or CREATE DATABASE to specify a database
SQL> CREATE DATABASE 'mysec';
SQL> create user mydba password 'my_master_key';
That's all - validating what we got:
SQL> show database;
Database: mysec
Owner: MYDBA
.....
SQL> select first(1) * from rdb$relations where RDB$RELATION_NAME = 'PLG$SRP';
....
RDB$OWNER_NAME MYDBA
...
SQL> select * from sec$users;
SEC$USER_NAME MYDBA
....
SQL>
In such a sample, setting '-user mydba' in isql looks OK to me - how else
can we create the database as MYDBA?
But I see no good way to automate all of this - only a description in the
docs comes to mind.
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
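
Added example, not part of the original message and not Firebird project code: a small check that every alias used as a SecurityDatabase in databases.conf follows the mysec pattern shown above (names itself, RemoteAccess = false). The parser is a simplified assumption about the file syntax, and the "othersec" entry is constructed for illustration.

```python
# Constructed sample: the entry from the message plus a weaker, made-up one.
SAMPLE_CONF = """\
mysec = /var/mysecurity.db
{
    RemoteAccess = false
    SecurityDatabase = mysec
    DefaultDbCachePages = 50
}
othersec = /var/othersecurity.db   # hypothetical second security database
{
    SecurityDatabase = othersec
}
"""

def parse_databases_conf(text):
    """Simplified parser: 'alias = path', optional { } block, '#' comments."""
    entries, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "{":
            in_block = current is not None
        elif line == "}":
            in_block, current = False, None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if in_block:
                entries[current]["params"][key.lower()] = value
            else:
                current = key
                entries[key] = {"path": value, "params": {}}
    return entries

def audit_security_databases(entries):
    """Compare every alias used as a SecurityDatabase with the mysec pattern."""
    used = {e["params"]["securitydatabase"] for e in entries.values()
            if "securitydatabase" in e["params"]}
    findings = []
    for alias in sorted(used & entries.keys()):
        params = entries[alias]["params"]
        if params.get("securitydatabase") != alias:
            findings.append((alias, "does not name itself as SecurityDatabase"))
        if params.get("remoteaccess", "").lower() != "false":  # strict match, by assumption
            findings.append((alias, "RemoteAccess is not set to false"))
    return findings

if __name__ == "__main__":
    for alias, problem in audit_security_databases(parse_databases_conf(SAMPLE_CONF)):
        print(f"{alias}: {problem}")
```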