Firebird Docset → Firebird Commandline Utilities → GSEC - Firebird Password File Utility → GSEC caveats |
The following is a brief list of gotchas and funnies that I have detected in my own use of GSEC. Some of these are mentioned above, others may not be. By collecting them all here in one place, you should be able to find out what's happening if you have problems.
Only a sysdba user can update the security database. Normal users can run the GSEC utility, but can only list the contents under Firebird 1.5. The following shows what happens when trying to update the database when running GSEC as a normal user.
    C:\>gsec -user norman -password norman
    GSEC> add myuser -pw mypassword
    add record error
    no permission for insert/write access to TABLE USERS

A normal user can only display details from the security database.

    C:\>gsec -user norman -password norman -display
         user name                      uid   gid     full name
    ------------------------------------------------------------------------
    SYSDBA                              0     0
    NORMAN                              0     0      Norman Dunbar
    EPOCMAN                             0     0      Benoit Gilles Mascia
From Firebird version 2 onwards, there are slight changes to the above. Users are now able to change their own passwords and can no longer display details of other users that may be present in the security database.
The above user, running under Firebird 2.0, would see the following:

    C:\>gsec -user norman -password norman -display
         user name                      uid   gid     full name
    ------------------------------------------------------------------------
    NORMAN                              0     0      Norman Dunbar
The GSEC commands apply to both modes of operation. However, when running in batch mode, you must prefix the command name with a minus sign (-) or you will get an error message similar to the following:

    C:\>gsec -user sysdba -password masterkey display
    invalid parameter, no switch defined
    error in switch specifications
    GSEC>

Note also that you will be left in interactive mode when an error occurs. The correct command line should have a minus in front of the display command, as follows:

    C:\>gsec -user sysdba -password masterkey -display
         user name                      uid   gid     full name
    ------------------------------------------------------------------------
    SYSDBA                              0     0
    NORMAN                              0     0      Norman Dunbar
    EPOCMAN                             0     0      Benoit Gilles Mascia
This time, GSEC performed its duties, displayed all known users and quit from the utility.
If the environment variables ISC_USER and ISC_PASSWORD have been defined, GSEC can be run without passing the -user or -password options. Defining them isn't a very good idea for security reasons.
As with all of the command line utilities, it is best to use the version of the GSEC utility that was supplied with your database.
When running GSEC under Windows, you can trap the exit code in %ERRORLEVEL% and check it to determine the success or failure of the last command executed.
When your operating system is Unix - whatever flavour - the exit code is to be found in the $? variable.
Unfortunately, using the version of GSEC supplied with Firebird 1.5, it appears that GSEC always exits with a zero and this makes it quite unsuitable to build into a properly error trapped batch script on either system. Sad but true.
From version 2.0 of Firebird, this has been corrected and an exit code of zero indicates success while non-zero values indicate failures.
Sometimes, when running in batch mode, an error condition in GSEC will result in GSEC switching over to interactive mode. This is not very useful if you started GSEC in batch mode from a script, because your script will just sit there waiting on something to be typed.
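One way to wrap GSEC for unattended use on Unix, given the exit-code and interactive-mode caveats above. This is an added example, not part of the Firebird documentation; GSEC_BIN, GSEC_TIMEOUT and run_gsec_batch are names introduced here, and it assumes GSEC leaves its interactive prompt when it reads end-of-file on standard input.

```shell
#!/bin/sh
# Added example: run GSEC unattended without trusting its exit code alone.
# GSEC_BIN, GSEC_TIMEOUT and run_gsec_batch are names introduced here.
GSEC_BIN="${GSEC_BIN:-gsec}"
GSEC_TIMEOUT="${GSEC_TIMEOUT:-30}"   # seconds; used only if timeout(1) exists

# Error texts quoted on this page. They are matched because GSEC from
# Firebird 1.5 exits with zero even when the command failed.
GSEC_ERRORS='invalid parameter|error in switch specifications|add record error|no permission for'

run_gsec_batch() {
    _rc=0
    # stdin comes from /dev/null, so a GSEC that falls back to its
    # interactive prompt reads end-of-file instead of waiting for typing
    # (assumption: GSEC quits the prompt on end-of-file).
    if command -v timeout >/dev/null 2>&1; then
        _out=$(timeout "$GSEC_TIMEOUT" "$GSEC_BIN" "$@" </dev/null 2>&1) || _rc=$?
    else
        _out=$("$GSEC_BIN" "$@" </dev/null 2>&1) || _rc=$?
    fi
    printf '%s\n' "$_out"

    # Firebird 2.0 and later: non-zero means failure.
    [ "$_rc" -eq 0 ] || return "$_rc"
    # Zero exit code: still fail on a known error text ...
    if printf '%s\n' "$_out" | grep -Eq "$GSEC_ERRORS"; then
        return 1
    fi
    # ... or on a GSEC> prompt, which shows batch mode was abandoned.
    if printf '%s\n' "$_out" | grep -q '^GSEC>'; then
        return 1
    fi
    return 0
}

# Usage in a script (credentials as in the examples above):
#   run_gsec_batch -user sysdba -password masterkey -display || exit 1
```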