Firebird Docset → Firebird Commandline Utilities → GSEC - Firebird Password File Utility |
Table of Contents
GSEC is the security database manipulation utility. It allows the DBA (or any privileged user) the ability to maintain user accounts for various Firebird databases. Using various options, users can be added, amended or deleted from the security database.
Normal users, ie those not endowed with DBA privileges, can only see their own user details from version 2.0 of Firebird. They can, however, change their own passwords with the new version. Previous to the new version, the DBA had to make the changes.
It is possible on some operating systems that users will not be able to run GSEC, even if they know the sysdba password. This is because those operating systems allow the system administrator to set filesystem permissions which prevent execution of certain programs and utilities for security reasons.
The Firebird database holds details of all users in a single security database. This is located on the server in a normal Firebird database named security.fdb for Firebird 1.5 or security2.fdb for Firebird 2.0 onwards. The default locations for this file are :
C:\Program Files\Firebird\Firebird_1_5 for Windows.
/opt/firebird for Linux and other Unix systems.
The security database has two tables, users and host_info. The host_info table is empty and the users table holds the details of each user allowed to access any Firebird database. Having said that, database roles and privileges will prevent users logging into and manipulating databases to which they have no rights.
The GSEC utility manipulates data in the users table in the security database, and by doing so, allows users to be added, amended and deleted from the system. Not all columns of the users table are able to be displayed, even though they can be amended. The user's password column is never shown by GSEC, but you can change it, for example.
Like most of the command line utilities supplied with Firebird, GSEC can be run in interactive or batch mode and has a help screen showing all of the utility's options, we'll be seeing that a little later on.
Coming up in this chapter, we have :
Commandline options for GSEC.
GSEC commands and their parameters.
Running GSEC in interactive or batch modes, both of which allow you to :
Display user details.
Amend user details.
Add new users.
Delete existing users.
Using GSEC to administer a remote security database.
Some caveats, gotchas and foibles of GSEC.
Firebird Docset → Firebird Commandline Utilities → GSEC - Firebird Password File Utility |