Firebird Docset → Firebird Database Docs → Firebird 2 Quick Start → Server configuration and management
There are several things you should be aware of – and take care of – before you start using your freshly installed Firebird server. This part of the manual introduces you to some useful tools and shows you how to protect your server and databases.
Firebird comes with a command-line user management tool called gsec. Although its functions can also be performed by a number of third-party GUI utilities, you should at least have a basic knowledge of gsec, since this is the official tool and it's present in every Firebird server installation. In the next sections you will use gsec to execute two tasks: changing the SYSDBA password and adding a Firebird user. First though, some points of attention:
With some Firebird installations, you can only run gsec if you are logged into the operating system as Superuser (root on Linux) or as the user the Firebird server process runs under. On Windows server platforms, you typically need to be in the Power User group or higher to run gsec successfully.
If you have enough privileges but invoking gsec results in a message like “cannot attach to password database - unable to open database”:
You may be running Firebird on Windows and for some reason the local protocol isn't working. One rather common cause for this is running Windows Vista, 2003 or XP with terminal services enabled. To enable the local protocol, open firebird.conf, uncomment the IpcName parameter and set it to Global\FIREBIRD. Then restart the server.
In Firebird 2.0.1 and up, Global\FIREBIRD is already the default on TS-enabled Windows systems.
If the above doesn't apply to you, you can at least circumvent the problem by “tricking” gsec into using TCP/IP. Add the following parameter to the command line, adjusting the path if necessary:
-database "localhost:C:\Program Files\Firebird\Firebird_2_0\security2.fdb"
The file security2.fdb is the security database, where Firebird keeps its user account details. It is located in your Firebird installation directory.
Maybe your security database is a renamed security.fdb from Firebird 1.5. Of course this can't be the case immediately after installation. Someone (you?) must have put it there, in order to keep the existing accounts available. Consult the Release Notes for instructions on how to upgrade old security databases.
If the error message starts with “Cannot attach to services manager”, the server may not be running at all. In that case, go back to Testing your installation and fix the problem.
On *nix systems, if you call gsec from its own directory, you should type ./gsec instead of just gsec. The current directory is usually not part of the search path, so plain gsec may either fail or launch a “wrong” gsec.
One Firebird account is created automatically as part of the installation process: SYSDBA. This account has all the privileges on the server and cannot be deleted. Depending on version, OS, and architecture, the installation program will either:
install the SYSDBA user with the password masterkey (actually, masterke: characters after the eighth are ignored), or
ask you to enter a password during installation, or
generate a random password and store that in the file SYSDBA.password within your Firebird installation directory.
Because only the first eight characters of a password count, a longer password adds no strength; choose those eight with care. If the installer wrote a SYSDBA.password file, it holds the password in clear text, so protect or remove it once you have noted the password.
If the password is masterkey and your server is exposed to the Internet at all – or even to a local network, unless you trust every user with the SYSDBA password – you should change it immediately using the gsec command-line utility. Go to a command shell, cd to the Firebird bin subdirectory and issue the following command to change the password to (as an example) icuryy4me:
gsec -user sysdba -pass masterkey -mo sysdba -pw icuryy4me
Bear in mind that a password given on the command line like this is visible to other users in the process list while gsec runs, and may be saved in your shell's history. On a shared machine, prefer gsec's interactive mode: run gsec with only the -user and -password options and type the modify command at the GSEC> prompt.
Notice that you specify “sysdba” twice in the command:
With the -user parameter you identify yourself as SYSDBA. You also provide SYSDBA's current password in the -pass parameter.
The -mo[dify] parameter tells gsec that you want to modify an account – which happens to be SYSDBA again. Lastly, -pw specifies the type of modification: the password.
If all has gone well, the new password icuryy4me is now stored in hashed form, and masterkey is no longer valid. Please be aware that, unlike Firebird user names, passwords are case-sensitive.
Firebird allows the creation of many different user accounts. Each of them can own databases and also have various types of access to databases and database objects it doesn't own.
Using gsec, you can add a user account as follows from the command line in the Firebird bin subdirectory:
gsec -user sysdba -pass masterkey -add billyboy -pw sekrit66
Provided that you've supplied the correct password for SYSDBA (masterkey stands here for whatever the current SYSDBA password is), a user account called billyboy will now have been created with password sekrit66. Remember that passwords are case-sensitive.
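The two gsec procedures above (changing the SYSDBA password and adding an ordinary user) can be done in one session without putting any password on the command line. The script below is an added example for this guide, not code from the Firebird project. It assumes gsec lives in the directory named by FIREBIRD_BIN (/opt/firebird/bin is only a guess), that gsec, like the other Firebird command-line tools, takes the administrator's credentials from the ISC_USER and ISC_PASSWORD environment variables when none are given as options, and that its interactive commands are modify, add, display and quit; verify the first two assumptions on your own installation. The optional FB_SEC_DB variable applies the TCP/IP workaround described earlier (the -database option with a localhost: prefix).

```shell
#!/bin/sh
# Added example, not code from the Firebird Quick Start: drive gsec in its
# interactive mode so that no password appears in the command line, where
# `ps` shows it to every user on the machine and the shell may save it in
# its history.  Assumptions (verify on your installation): gsec lives in
# $FIREBIRD_BIN; gsec picks up ISC_USER / ISC_PASSWORD from the environment
# when no -user/-password options are given; its interactive commands are
# "modify <name> -pw", "add <name> -pw", "display" and "quit".

FIREBIRD_BIN=${FIREBIRD_BIN:-/opt/firebird/bin}   # assumed install location
# Optional workaround from the text: force TCP/IP when the local protocol
# is not working, e.g. FB_SEC_DB='localhost:/opt/firebird/security2.fdb'
FB_SEC_DB=${FB_SEC_DB:-}

# Firebird 2 keeps only the first eight characters of a password; return
# the part that will actually be stored.
fb_pw_effective() {
    printf '%s' "$1" | cut -c1-8
}

# Return 1 (with a warning on stderr) if part of the password would be
# silently dropped, so a "long" password does not give a false sense of
# strength; 0 otherwise.
fb_pw_check() {
    pw=$1
    if [ "${#pw}" -gt 8 ]; then
        printf 'warning: only "%s" will be stored, characters after the eighth are ignored\n' \
            "$(fb_pw_effective "$pw")" >&2
        return 1
    fi
    return 0
}

# Start an interactive gsec session as admin user $1 with password $2.
# Credentials go through the environment, not argv; the gsec commands are
# read from our stdin (a here-document, see fb_bootstrap_users).
fb_gsec_batch() {
    if [ -n "$FB_SEC_DB" ]; then
        ISC_USER=$1 ISC_PASSWORD=$2 "$FIREBIRD_BIN/gsec" -database "$FB_SEC_DB"
    else
        ISC_USER=$1 ISC_PASSWORD=$2 "$FIREBIRD_BIN/gsec"
    fi
}

# Read a secret from the terminal with echo switched off.
fb_read_secret() {
    printf '%s: ' "$1" >&2
    stty -echo; read -r _secret; stty echo; echo >&2
    printf '%s' "$_secret"
}

# Change the SYSDBA password and create one ordinary user ($1) in a
# single session, then list the accounts.  Passwords must not contain
# spaces, since gsec splits its interactive commands on whitespace.
fb_bootstrap_users() {
    new_user=$1
    old_pw=$(fb_read_secret 'current SYSDBA password')
    new_pw=$(fb_read_secret 'new SYSDBA password')
    user_pw=$(fb_read_secret "password for $new_user")
    fb_pw_check "$new_pw" || true     # warn, but let the admin decide
    fb_pw_check "$user_pw" || true
    fb_gsec_batch sysdba "$old_pw" <<EOF
modify sysdba -pw $new_pw
add $new_user -pw $user_pw
display
quit
EOF
}

# Usage (interactive, so not run automatically here):
#   fb_bootstrap_users billyboy
```

Run it from the Firebird bin directory or set FIREBIRD_BIN first. The display command at the end lets you confirm that the new account exists before the session closes; the SYSDBA password change takes effect immediately, so note the new password before you quit.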
Since Firebird 2, users can change their own passwords. Previous versions required SYSDBA to do this.
Firebird 2 offers a number of security options, designed to make unauthorised access as difficult as possible. Be warned however that some configurable security features default to the old, “insecure” behaviour inherited from InterBase and Firebird 1.0, in order not to break existing applications.
It pays to familiarise yourself with Firebird's security-related configuration parameters. You can significantly enhance your system's security if you raise the protection level wherever possible. This is not only a matter of setting parameters, by the way: other measures involve tuning filesystem access permissions, an intelligent user accounts policy, etc.
Below are some guidelines for protecting your Firebird server and databases.
On Unix-like systems, Firebird already runs as user firebird by default, not as root. On Windows server platforms, you can also run the Firebird service under a designated user account (e.g. Firebird). The default practice – running the service as the LocalSystem user – poses a security risk if your system is connected to the Internet. Consult README.instsvc in the doc subdir to learn more about this.
As discussed before, if your Firebird server is reachable from the network and the system password is masterkey, change it.
SYSDBA is a very powerful account, with full (destructive) access rights to all your Firebird databases. Its password should be known to a few trusted database administrators only. Therefore, you shouldn't use this super-account to create and populate regular databases. Instead, generate normal user accounts, and provide their account names and passwords to your users as needed. You can do this with gsec as shown above, or with any third-party Firebird administration tool.
Anybody who has filesystem-level read access to a database file can copy it, install it on a system under his or her own control, and extract all data from it – including possibly sensitive information. Anybody who has filesystem-level write access to a database file can corrupt it or totally destroy it.
As a rule, only the Firebird server process should have access to the database files. Users don't need, and should not have, access to the files – not even read-only. They query databases via the server, and the server makes sure that users only get the allowed type of access (if at all) to any objects within the database.
An exception to the above rule is the so-called local or embedded access mode of Firebird Classic Server on Linux. This mode requires that users have proper access rights to the database file itself. They must also have read access to the security database security2.fdb. If this worries you, reserve filesystem access to the security database (and other databases, while you're at it) for the server process only. Users are then obliged to connect via the network layer. However, the libfbembed.* libraries should not be removed from your system, because the Firebird command-line tools refuse to run if they are not present.
(Another exception is the Windows Embedded Server, but that's outside the scope of this manual.)
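The rule that only the server process should be able to reach the database files is easy to check mechanically. The script below is an added example for this guide (not part of Firebird) for Unix-like systems: it reports every .fdb file that is not owned by the service account or that carries any group/other permission bit, which covers both the "copy it and extract the data" and the "corrupt or destroy it" cases from the text. The service account name firebird and the directory paths in the usage comment are assumptions; override FB_SERVICE_USER if your installation runs the server as a different user.

```shell
#!/bin/sh
# Added example, not part of the Firebird Quick Start: audit who can reach
# your database files at the filesystem level.  The rule in the text is
# that only the server process should be able to read or write them, so a
# file is reported if it is owned by another account or carries any
# group/other permission bit.  Assumptions: the service account is
# "firebird" (override with FB_SERVICE_USER) and databases end in .fdb.

FB_SERVICE_USER=${FB_SERVICE_USER:-firebird}

# Print "owner mode" for one file.  ls -l is used rather than stat because
# the stat options differ between GNU and BSD userlands.
fb_file_owner_mode() {
    ls -ld "$1" | awk '{ print $3, substr($1, 1, 10) }'
}

# Check one file.  Returns 0 when it is owned by the service account and
# all six group/other permission bits are clear; otherwise prints why it
# fails and returns 1.
fb_check_db_file() {
    f=$1
    set -- $(fb_file_owner_mode "$f")
    owner=$1; mode=$2; status=0
    if [ "$owner" != "$FB_SERVICE_USER" ]; then
        echo "$f: owned by $owner, expected $FB_SERVICE_USER"
        status=1
    fi
    # mode looks like -rw-r--r--; characters 5-10 are the group/other bits
    case "$(printf '%s' "$mode" | cut -c5-10)" in
        ------) ;;
        *) echo "$f: readable or writable by group/others ($mode)"; status=1 ;;
    esac
    return $status
}

# Check every .fdb file below the given directories; a plain file argument
# (for example the security database) is checked as-is.  Returns 1 if
# anything was reported.  The findings are collected through a command
# substitution so the while loop's subshell cannot swallow the verdict.
fb_audit_db_files() {
    findings=$(
        for d in "$@"; do
            if [ -f "$d" ]; then printf '%s\n' "$d"; else find "$d" -type f -name '*.fdb'; fi
        done | while read -r f; do fb_check_db_file "$f"; done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage on a Linux install (paths assumed for this example):
#   fb_audit_db_files /var/firebird /opt/firebird/security2.fdb
```

Include the security database in the audit: it holds the password hashes, and the text's embedded-mode exception is the only reason anyone other than the server should be able to read it. A clean result is mode -rw------- (600) owned by the service user for every file listed.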
Database aliases shield the client from physical database locations. Using aliases, a client can e.g. connect to “frodo:zappa” without having to know that the real location is frodo:/var/firebird/music/underground/mothers_of_invention.fdb. Aliases also allow you to relocate databases while the clients keep using their existing connection strings.
Aliases are listed in the file aliases.conf, in this format on Windows machines:
poker = E:\Games\Data\PokerBase.fdb
blackjack.fdb = C:\Firebird\Databases\cardgames\blkjk_2.fdb
And on Linux:
books = /home/bookworm/database/books.fdb
zappa = /var/firebird/music/underground/mothers_of_invention.fdb
Giving the alias an .fdb (or any other) extension is fully optional. Of course if you do include it, you must also specify it when you use the alias to connect to the database.
The DatabaseAccess parameter in firebird.conf can be set to Restrict to limit access to explicitly listed filesystem trees, or even to None to allow access to aliased databases only. Default is All, i.e. no restrictions.
Note that this is not the same thing as the filesystem-level access protection discussed earlier: when DatabaseAccess is anything other than All, the server will refuse to open any databases outside the defined scope even if it has sufficient rights on the database files.
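Aliases and DatabaseAccess interact: an alias always resolves to its configured path, while an explicit path is accepted only if the policy allows it. The script below is an added example for this guide, not Firebird's own resolver, that models this so you can test an aliases.conf and a DatabaseAccess setting before deploying them. The alias file format (alias = path, with # comments) and the values All, None and Restrict followed by a semicolon-separated directory list are Firebird's; the exact matching rules (whole-key comparison, directory prefix with a trailing slash, rejection of . and .. segments) are this example's approximation of the server's behaviour. The sample aliases.conf is constructed from the Linux entries in the text.

```shell
#!/bin/sh
# Added example, not part of the Firebird Quick Start: resolve a connection
# target the way the text describes the server doing it, first through
# aliases.conf and then, for explicit paths, through DatabaseAccess.  The
# file format ("alias = path", "#" comments) and the values All, None and
# "Restrict <dir>;<dir>" are Firebird's; the matching rules below are this
# example's approximation of the server's behaviour, not its code.

# Constructed sample aliases.conf, mirroring the Linux entries in the text.
FB_SAMPLE_ALIASES=$(mktemp)
cat > "$FB_SAMPLE_ALIASES" <<'EOF'
# music and books
books = /home/bookworm/database/books.fdb
zappa = /var/firebird/music/underground/mothers_of_invention.fdb
blackjack.fdb = /var/firebird/cardgames/blkjk_2.fdb
EOF

# Print the path behind alias $2 in file $1, or fail.  Whole-key match:
# "blackjack" does not find "blackjack.fdb", as the text warns.
fb_alias_lookup() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Does DatabaseAccess ($1) allow opening the explicit path $2?  0 = yes.
fb_access_allowed() {
    policy=$1; path=$2
    case "$policy" in
        All)       return 0 ;;
        None)      return 1 ;;   # only aliases may be used
        Restrict*) ;;
        *) echo "unknown DatabaseAccess value: $policy" >&2; return 1 ;;
    esac
    # reject "." and ".." segments so /db/../etc/passwd cannot escape a tree
    case "/$path/" in */../*|*/./*) return 1 ;; esac
    old_ifs=$IFS; IFS=';'
    set -- ${policy#Restrict}      # split the directory list on ';'
    IFS=$old_ifs
    for d in "$@"; do
        d=$(printf '%s' "$d" | sed 's/^ *//; s/ *$//; s:/*$::')
        # compare against "$d/" so that /db does not also admit /db2
        case "$path" in "$d"/*) return 0 ;; esac
    done
    return 1
}

# Resolve what a client asked for: an alias wins and, as the text says,
# is usable even under DatabaseAccess = None; otherwise the explicit path
# must pass the policy.  Prints the physical file or fails.
fb_resolve() {
    aliases_file=$1; policy=$2; target=$3
    if p=$(fb_alias_lookup "$aliases_file" "$target"); then
        printf '%s\n' "$p"
        return 0
    fi
    fb_access_allowed "$policy" "$target" || return 1
    printf '%s\n' "$target"
}

# Usage, e.g. with DatabaseAccess = None only aliases get through:
#   fb_resolve "$FB_SAMPLE_ALIASES" None zappa
#   fb_resolve "$FB_SAMPLE_ALIASES" None /var/firebird/music/underground/mothers_of_invention.fdb
```

Point FB_SAMPLE_ALIASES at your real aliases.conf and pass the DatabaseAccess value from firebird.conf to see which of your clients' connection strings would still work after tightening the policy; the first usage line above succeeds while the second fails, which is exactly the effect None is meant to have.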
There are more security parameters, but the ones not mentioned here are already set to an adequate protection level by default. You can read about them in the 1.5 and 2.0 Release Notes and in the comments in firebird.conf itself.
Several control panel applets are available for use with Firebird. Whilst such applets are not essential, they do provide a convenient way to start and stop the server and check its current status.
The Firebird Server Manager applet is included in the Firebird distribution. The option to install this applet is only available for Superserver.
The applet is also usable for Classic server, provided that it (the server, that is) runs as a service, not as an application. Since the installation dialogue won't give you the option to include the applet with a Classic server, you must, if you really want it:
Install Superserver first;
Copy the applet Firebird2Control.cpl from the Windows system folder to a safe place;
Uninstall Superserver;
Install Classic;
Copy the applet back to the system directory.
This is a screenshot of the activated applet. Notice that the title bar says “Firebird Server Control”, although it is listed in the Control Panel as Firebird 2.0 Server Manager.
Unfortunately, the bundled applet only works on Windows NT, 2000/2003 and XP.
If you want an applet that also works on Windows 9x or ME, visit this webpage:
...and download the Firebird Control Center fbcc-0.2.7.exe. Please note that, unlike the applet included with Firebird, the Firebird Control Center will not work with Classic servers at all.
The Control Center doesn't look anything like the Firebird applet shown in the screenshot, but offers the same functionality, and then some. Attention: if you run Firebird as a service and without the Guardian, the Start/Stop button will be labeled “Start” all the time, even when the server is already running. It functions as it should though. In all other configurations the button will say “Start” or “Stop” according to the situation.
The Firebird kit does not come with a GUI admin tool. It does have a set of command-line tools – executable programs which are located in the bin subdirectory of your Firebird installation. One of them, gsec, has already been introduced to you.
The range of excellent GUI tools available for use with a Windows client machine is too numerous to describe here. A few GUI tools written in Borland Kylix, for use on Linux client machines, are also in various stages of completion.
Inspect the Downloads > Contributed > Administration Tools page at http://www.ibphoenix.com for all of the options.
Remember: you can use a Windows client to access a Linux server and vice-versa.