Mark O'Donohue, February 14, 2005

"What causes a non-root user to be refused a connection?"

Often users on remote client encounter problems with trying to connect to Firebird on Linux using a non-root user, although they can connect as root. Here I look at some of the questions people ask and try to explain the details you need.

Assuming we are talking about these users using isql to get to the database, rather than an application connecting via a language interface such as the .NET provider, this condition occurs only for Classic and local access.

There is a number of likely causes:
  1. user not in group firebird
  2. user does not have physical write access to db file
  3. and one extra point: remote access will need Firebird user name and password.
The reason root user works fine is that, as a *special* user, root has physical write access to both the /opt/firebird/* files and the database file, whereas a normal user doesn't.

Let's look at the non-root users's problems now.
  1. User not in group firebird
You will see this error:

$/opt/firebird/bin/isql
SQL> connect '/var/firebird/yourdb.fdb'; Statement failed, SQLCODE = -902
operating system directive open failed


This tells you that do not have the filesystem privileges to allow you *write* access to the /opt/firebird/* files.

Solution: That user needs to be added to the firebird group.

$groups - will list the user groups
$usermod -G firebird <username> - will add them. Be careful, as you need to format the command with any existing groups they are in as well. For example,

$usermod -G firebird,cdwriter,.. <username>

For this, my suggestion is to use a GUI admin tool to add the user to the group.

The user also needs to logoff and log back on for the new group add to take effect.
  1. "Some of the users were having the problem, even if they added the non-root user to the firebird user group."
The user does not have write access to db file. The error you will see is:

$/opt/firebird/bin/isql
SQL> connect '/var/firebird/yourdb.fdb';
Statement failed, SQLCODE = -551
No permission for read-write access to database /var/firebird/yourdb.fdb


You have write access to the /opt/firebird/* files, but no *write* access to the actual database file, usually indicating that the group write permission is missing:

-rw-r--r-- 1 firebird firebird 29M Feb 14 12:54 /var/firebird/yourdb.fdb

To add the missing group write permission:

$chmod ug+rw <dbfile.fdb>
  1. Remote access will need user name and password.
Do take note that any remote access, even by root user, will require user name and password. If you forget, you'll see this error:

$ /opt/firebird/bin/isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/var/firebird/yourdb.fdb';

Statement failed, SQLCODE = -923
Connection rejected by remote interface


On Classic, the root local user can connect directly:

/opt/firebird/bin/isql /var/firebird/yourdb.fdb

whereas, for Superserver, you will always need to do your local connection through localhost and will need the user name and password:

/opt/firebird/bin/isql localhost:/var/firebird/yourdb.fdb -u <x> -p <y>

If you are calling isql directly from the Firebird bin directory, Windows users sometimes need to be reminded to use the "dot-slash" convention:

./isql localhost:/var/firebird/yourdb.fdb -u <x> -p <y>