I'm getting error "no permission for read/select access to DATABASE" when I try to connect to a Firebird database with a user different than SYSDBA, lets say user SOM.
If I create a new database with SYSDBA on the same server, then grant access to the objects there to SOM, it is connecting without problem, but for this particular database - not. I tried to give all rights, including to the system objects to SOM (I'm using the great IBExpert where this is possible), no success.
c:\Program Files\Firebird\Firebird_2_5\bin>isql -user SOM -password secret
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect "c:\data\data.fdb";
Database: "c:\data\data.fdb", User: SOM
SQL> select * from exampletable ;
Statement failed, SQLSTATE = 28000
no permission for read/select access to DATABASE
Command error: select * from exampletable
I was unable to find way to grant anything to object DATABASE.
What could be the reason is that the problematic database was restored via gbak, version 2.5 from Firebird 3 database (downgrade on this way from Firebird 3 to 2.5).
A possible solution is to restore the database with user SOM, but I don't want that the user SOM is the owner of the database. If I do a backup and restore with SYSDBA, the same problem comes back again.
Solution provided in the firebird-support mailing list:
Attach as SYSDBA and run
UPDATE RDB$DATABASE SET RDB$SECURITY_CLASS = NULL
have you tried gbak from 2.5 to BACKUP FB 3 database?
FB 3 running
place gbak from 2.5 to fb 3 folder, as gbak25. Or, do as you wish, but gbak from 2.5 need to use fbclient.dll from 3.0
gbak25 -b -g -v db.fdb db.fbk -user ... -pass ...
then restore this backup on 2.5.
Related
In a newly created database, I don't get any error message when I log in with the wrong user and password (the users TTT and AAA don't even exist)
[root#fewww bin]# ./isql /opt/db/treewww/ftree.db -user ttt -password bbb;
Database: /opt/db/treewww/ftree.db, User: TTT
SQL> exit;
[root#fewww bin]# ./isql /opt/db/treewww/ftree.db -user aaa -password ccc;
Database: /opt/db/treewww/ftree.db, User: AAA
SQL> SELECT rdb$get_context('SYSTEM', 'ENGINE_VERSION') from rdb$database;
RDB$GET_CONTEXT
===============================================================================
3.0.2
At the same time, I get a 'regular' error message in another database when I use the wrong login credentials:
[root#fewww bin]# ./isql /opt/db/testwww/ftest.db -user aaa -password ddd
Statement failed, SQLSTATE = 08001
I/O error during "lock" operation for file "/opt/db/testwww/ftest.db"
-Database already opened with engine instance, incompatible with current
Use CONNECT or CREATE DATABASE to specify a database
Could you please explain the matter?
You only specify a path to the database, and not a hostname, and as a result, isql uses the Firebird Embedded database engine to open and access the database, and not the Firebird server. Since Firebird 3, Firebird Embedded no longer verifies passwords on Linux (it never did this on Windows, and now Linux follows the same rule), see also the Firebird 3 Release Notes.
This applies the assumption that if a user has direct read and write access to the database file, then they are allowed to open it. The specified username is still used, to apply the privileges granted to that user, and given no passwords are checked, any username is considered valid. Such a user probably won't have sufficient privileges to do much except query system tables, unless you have granted privileges to that username or to the user PUBLIC.
The second error you show likely means that the database was opened by another application using a different Firebird engine (e.g. a Firebird server process in SuperServer mode), or possibly your user and that process don't have the same access rights to lockfiles (not 100% sure about this). You could try connecting through localhost to see if you can access the database that way: isql localhost:/opt/db/testwww/ftest.db -user aaa -password ddd.
When I try anything in isql, I get the message:
Your user name and password are not defined. Ask your database
administrator to set up a Firebird login.
unable to open database
When I try to create the user I still get the message:
C:\Program Files\Firebird\Firebird_3_0>gsec -user sysdba -password masterkey
use gsec -? to get help
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
unable to open database
But I am the administrator, and I installed it.
How do I create the user SYSDBA in Firebird?
The combination of the "Your user name and password are not defined. Ask your database administrator to set up a Firebird login." with "unable to open database" does not mean the SYSDBA account does not exist, it means that the Firebird process was unable to open the security database to perform authentication.
This can happen if you installed Firebird in C:\Program Files, and you are running the Firebird server as an application (instead of as a service) and UAC is enabled, or you are running as a service, but the user account running the service has insufficient rights to read and write to the security3.fdb file.
You either need to run Firebird as a service (e.g. as configured by the installer), or - if you really want to run Firebird as an application - install Firebird outside of C:\Program Files.
How do I create the user SYSDBA in Firebird?
Connect to any database (security.db or employee) in embedded mode using user name SYSDBA (password is not needed in this mode) and issue SQL command "CREATE USER" as described in Firebird Language Reference.
You can learn more about embedded mode from Firebird 3.0 Release Notes.
I'm trying to connect to employee.fdb in Firebird3.0 (localhost) using FlameRobin 0.9.3 on a Ubuntu OS.
The connection to Firebird using isql has no issues. I can create users, roles, etc all from the terminal. However, when I attempt to make a connection using FlameRobin I receive a 335544344 "Error while trying to open file Permission denied" response.
This occurs with the SYSDBA profile and any other new user profiles that I create in isql. I can even create new users in FlameRobin but I cannot connect to any database. I've verified in /etc/firebird/3.0/firebird.conf that DatabaseAccess = Full and have attempted to access the db from a couple different folders in case this is a read/write issue. No success.
I feel like I'm missing something obvious. Any thoughts?
Added info in response to Mark (4/26):
The db is stored in /var/lib/firebird/3.0/data/. I have assumed this to be the default location for Firebird DBs and that the server automatically has access to it, but I suppose that might not be the case. Is there a way to confirm server permissions to this directory and/or is this the customary spot to store work?
Terminal Connection with ISQL:
daniel#daniel-desktop:~$ isql-fb
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect '/var/lib/firebird/3.0/data/employee.fdb' user sysdba password 'xxxxxxx';
Database: '/var/lib/firebird/3.0/data/employee.fdb', User: SYSDBA
SQL>
FlameRobin Database Registration Info:
FlameRobin Error:
This is a permissions issue as #MarkRotteveel suggested. Problem was that I installed the server as a user and not as root. Problem solved by removing and reinstalling both Firebird and FlameRobin as root.
I'm trying to run a postgresql Database on Ubuntu 16.04 LTS.
First I installed postgres using sudo apt-get install postgresql which installed version 9.5.1. I then created another user and a new database. I've granted all privileges for the new database to new new user and set the owner to the new user also.
I connected to the new database and filled it by restoring an plain backup (dump) I've created from another database (which has postgresql version 9.2) by using \i /path/to/dump.sql. I got no errors, and when I then typen \dt I got the list with the tables.
The problem is: When I now disconnect (\q) and re-connect (same as I connected before, sudo psql -U "username" dbname) and type \dt again, it says "No relations found". When I try to fill it again, I get a bunch of errors like "Relation relationname already exists".
Another problem/symptom appears when I try to use pgAdmin (installed via sudo apt-get install pgadmin3). When trying to connect using localhost, I can't connect using the newly created user (which which I can connect from the terminal). But I can connect using postgres with the password I set via Terminal. I do not see any DB I manually create from command line from pgAdmin tho.
So yeah, my guess is that at least one problem may be version incompatibility between 9.2 and 9.5. Is there any way to test/fix this? But I also think there should be other problems.
What you describe may happen if the SQL dump contains a SET search_path TO...command that sets it to a different value than what your user has by default.
So not only it will create its tables and other objects in that schema, but it will leave that search_path for the rest of the session, so when you do \dt in that same session, it does see and list the newly created tables.
But when you quit and reenter psql, this search_path is not longer in effect, you're back to the default search_path of your user, which supposedly doesn't reach the schema, so \dt no longer "sees" any table.
You can use show search_path to check this setting in a psql session, and grep "SET search_path" in the SQL file to check what it's being set to.
Per comment, it appears to be the case: the dump creates the tables into a schema that is outside of the user's default search path.
A possible solution for that user to work seamlessly would be to update its search path so that it always reaches this schema first. This can be done with:
ALTER USER username SET search_path TO schema1,"$user",public;
where schema1 is what the SQL dump refers to and where it created the tables.
I installed openerp 7 on ubuntu and worked for a while.
When I restarted ubuntu, I opened openerp and tried to login but didn't find the databases I've created before and it took me to the (Database Management) page in order to create a new database as if it were my first time.
I tried to make a duplicate of an existing database as a workaround, but when I wrote the old database name, I got this message:
ProgrammingError: permission denied to copy database "test"
I tried to access postgres using pgadmin and I succeeded and could access all the databases from the pgadmin.
You need to give the access rights on particular database for particular openerp user.
First Create the OpenERP user that will own and run the application
sudo adduser --system --home=/opt/openerp --group openerp
Then Next,
First change to the postgres user so we have the necessary privileges to configure the database.
sudo su - postgres
Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp
Enter password for new role: ********
Enter it again: ********
Finally exit from the postgres user account:
exit
Here is source link http://www.theopensourcerer.com/2012/12/how-to-install-openerp-7-0-on-ubuntu-12-04-lts/