Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multiuser server startup (/etc/init.d) script picks up the ISC_ variables if set. [CORE3721] #4069

Closed
firebird-automations opened this issue Jan 9, 2012 · 12 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @reevespaul

If ISC_USER/ISC_PASSWORD are set install script fails when it tries to set the new sysdba password. It happens because fbmgr is using the ISC_USER variable, but onl;y root/firebird/sysdba may start server.

Commits: 6e5ce28 005fc13 a913194

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Paul, I could not reproduce an issue.
Look here:

fbs2 bin #⁠ export ISC_USER=qq
fbs2 bin #⁠ export ISC_PASSWORD=qq
fbs2 bin #⁠ ./changeDBAPassword.sh
This script is deprecated and should be removed in newer FB versions.
Please use gsec utility directly to change SYSDBA password.
Please enter current password for SYSDBA user: masterkey
Please enter new password for SYSDBA user: abc
fbs2 bin #⁠ ./changeDBAPassword.sh
This script is deprecated and should be removed in newer FB versions.
Please use gsec utility directly to change SYSDBA password.
Please enter current password for SYSDBA user: abc
Please enter new password for SYSDBA user: masterkey
fbs2 bin #⁠ echo $ISC_USER
qq
fbs2 bin #⁠ echo $ISC_PASSWORD
qq

And this looks like expected behavior loogin at the script. gsec is invoked with -user and -password switches:

/opt/firebird.CS.2.5/bin/gsec -user sysdba -password $OrigPasswd -modify sysdba -pw $NewPasswd

In this case env vars are not picked up at all.

I.e. I need more details.

@firebird-automations
Copy link
Collaborator Author

Commented by: @reevespaul

If I recall correctly exported variables aren't detected by a script run in the same shell. It picks up the parent environment. It might work as expected if you try:

fbs2 bin #⁠ export ISC_USER=qq
fbs2 bin #⁠ export ISC_PASSWORD=qq
fbs2 bin #⁠ source http://changeDBAPassword.sh

What I was doing was exporting the ISC_variables from profile.local so that all shells had the variables set. In future I'm going to remove this from profile.local and configure individual users via .bashrc.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

I tried with both changeDBAPassword and install scripts.

fbs2 opt #⁠ export ISC_PASSWORD=qq
fbs2 opt #⁠ export ISC_USER=qq
fbs2 FirebirdCS-2.5.1.26351-0.amd64 #⁠ source http://install.sh

Firebird classic 2.5.1.26351-0.amd64 Installation

Press Enter to start installation or ^C to abort
Extracting install data
Please enter new password for SYSDBA user: 1234
Install completed

But the fact that you've set env in profile.local makes me ask - did you use super or classic server?

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Paul, I've reproduced a kind of mentioned behavior. With ISC_USER/PASSWORD set globally fbmgr fails to start SS with message:
no permissions to perform operation
And yes - this looks like gsec diag.

Can you confirm that's what cause you problems? Can you send me screenshot of an error?

@firebird-automations
Copy link
Collaborator Author

Commented by: @reevespaul

Alex, here is the output when I try to install Fb 2.5 SS when ISC_vars are set in profile.local:

--------------------------------------------------------------------------------------------------------------------------
testfb25:/usr/src/tarballs/FirebirdSS-2.5.1.26352-1.amd64 #⁠ ./install.sh

Firebird super 2.5.1.26352-0.amd64 Installation

Press Enter to start installation or ^C to abort
Extracting install data
firebird 0:off 1:off 2:on 3:on 4:off 5:on 6:off
Starting Firebird done
Please enter new password for SYSDBA user: masterkey
use gsec -? to get help
Unable to complete network request to host "localhost".
Failed to establish a connection.
unable to open database

Please enter new password for SYSDBA user:

-----------------------------------------------------------------------------------------------------------------

If I comment out the ISC_ vars in profile.local and then run the install script I get this:

-------------------------------------------------------------------------------------------------------------------

testfb25:/usr/src/tarballs/FirebirdSS-2.5.1.26352-1.amd64 #⁠ ./install.sh

Firebird super 2.5.1.26352-0.amd64 Installation

Press Enter to start installation or ^C to abort
Extracting install data
firebird 0:off 1:off 2:on 3:on 4:off 5:on 6:off
Starting Firebird done
Please enter new password for SYSDBA user: masterkey
Install completed

---------------------

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

description: If ISC_USER/ISC_PASSWORD are set the http://changeDBAPassword.sh script fails when it tries to add the new sysdba password because gsec will attempt to use the ISC_ variables. But the user/pw pair does not yet exist in the security database. (Although I didn't try with the variables set to SYSDBA/masterkey. That might work. )

=>

If ISC_USER/ISC_PASSWORD are set install script fails when it tries to set the new sysdba password. It happens because fbmgr is using the ISC_USER variable, but onl;y root/firebird/sysdba may start server.

summary: http://changeDBAPassword.sh picks up the ISC_ variables if set. => Multiuser server startup (/etc/init.d) script picks up the ISC_ variables if set.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Trunk does not use fbmgr to start firebird any more, but cleaning that 2 envvars is anyway good idea.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Alpha 1 [ 10331 ]

Fix Version: 2.1.5 [ 10420 ]

Fix Version: 2.5.2 [ 10450 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment