Firebird Documentation Index → Gsec - Password File Utility
Firebird Home Firebird Home Firebird Documentation IndexNext: Command Line Options

Firebird Password File Utility

Norman Dunbar

11 October 2011 – Document version 1.4

Table of Contents

Command Line Options
Gsec Commands
Interactive Mode
Batch Mode
Running Gsec Remotely
Gsec caveats
A. Document history
B. License notice


Gsec is the security database manipulation utility. It allows the SYSDBA (or any privileged user) the ability to maintain user accounts for various Firebird databases. Using various options, users can be added, amended or deleted from the security database.


A privileged user is an account on the database server which the Firebird engine considers to be privileged enough to automatically be given SYSDBA rights. At present there are four login names that are assumed to be privileged, these are:

  • root

  • firebird

  • interbase

  • interbas (without the 'e')

Normal users, ie all those accounts not listed above, can only see their own user details from version 2.0 of Firebird. They can, however, change their own passwords with the new version. Previously the SYSDBA had to make the changes on behalf of the users..


It is possible on some operating systems that users will not be able to run gsec, even if they know the SYSDBA password. This is because those operating systems allow the system administrator to set file system permissions which prevent execution of certain programs and utilities for security reasons.

The Firebird database holds details of all users in a single security database. This is located on the server in a normal Firebird database named security.fdb for Firebird 1.5 or security2.fdb for Firebird 2.0 onwards. The default locations for this file are :

  • C:\Program Files\Firebird\Firebird_1_5 for Windows. (Change '1_5' to suit your Firebird version.)

  • /opt/firebird for Linux and other Unix systems.

The gsec utility manipulates data in the table(s) in the security database, and by doing so, allows users to be added, amended and deleted from the system.

Up until Firebird 2.0, it used to be possible to use isql to connect directly to the security database as the SYSDBA user. This is no longer possible, even if you have the SYSDBA username and password and/or are logged in as a privileged user.

Like most of the command line utilities supplied with Firebird, gsec can be run in interactive or batch mode and has a help screen showing all of the utility's options, we'll be seeing that a little later on.

In the remainder of this manual we shall discuss the following:

  • Command line options for gsec.

  • Gsec commands and their parameters.

  • Running gsec in interactive or batch modes, both of which allow you to :

    • Display user details.

    • Amend user details.

    • Add new users.

    • Delete existing users.

  • Using gsec to administer a remote security database.

  • Some caveats, gotchas and foibles of gsec.

Firebird Documentation IndexNext: Command Line Options
Firebird Documentation Index → Gsec - Password File Utility