firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 19:23:03 +01:00
Code Issues
601ebe3929
firebird-mirror/doc/README.instsvc
alexpeshkoff 23fd7d54b5 some more readme's
2003-06-22 12:37:13 +00:00

80 lines
3.2 KiB
Plaintext
Raw Blame History

README to instsvc.exe
----------------------
Author: Alex Peshkov (pes@insi.yaroslavl.ru)
Firebird provides a standard routine to manage the Firebird Service
on WinNT/2000/XP platforms - instsvc.exe.
NOTE Most of the instsvc switches are self-explanatory.
The only obscure one - the -z switch - causes
instsvc.exe to print the Firebird software version
as the first line of output.
To install the Firebird service on your box:
instsvc {install Firebird_directory [-auto | -demand] [-superserver | -classic]}
[-g[uardian]] [-l[ogin] username [password]] [-z]
To remove the service:
instsvc {remove} [-g[uardian]] [-z]
To set the priority of the server process next time it is installed
(see also the reimplemented ProcessPriorityLevel parameter in
firebird.conf):
instsvc {configure [-boostpriority | -regularpriority]} [-z]
To start the Firebird service with altered process priority:
instsvc {start [-boostpriority | -regularpriority] } [-z]
To stop the Firebird service:
instsvc {stop} [-z]
To enhance Firebird security, the service management program
has been modified to accept a login switch, to optionally
pre-empt the LocalSystem user from being, by default, the user
under which the Firebird service logs in.
NOTE Regular user login is not compatible with the local access
protocol, which relies on SERVICE_INTERACTIVE_PROCESS mode
("Allow service to interact with Desktop"). For this reason,
unfortunately, the local access protocol remains a source of
vulnerability.
If the -[L] switch is not present, instsvc.exe proceeds as
before, logging in the service using the LocalSystem profile.
The switch [-Login username [password]] allows the Firebird
service to log in as a real user instead of the LocalSystem user.
When instsvc.exe detects this switch, it looks for two arguments,
username and password.
If a username is present, it proceeds to check the next string.
If the first character is not a '-' (minus sign), it interprets the
string as a password. Thus, the password should not begin with '-'.
If the username and password do not resolve to a valid domain
user, or one or both are missing, the usual NT built-in checking takes
over and any error will be due to a validation failure of the
domain\user string that is resolved from the input.
The user username needs to have privileges to log in as a service,
as well as read/write access to all databases and the firebird.log file.
For security reasons, write access to firebird.conf and Firebird
executables should NOT be given.
Use of the -L switch disables the use of local protocol, so the
system administrator must choose between increased security and the
ability to use the local database access protocol. For production servers
that need to run in potentially aggressive environments, the -L switch is
strongly recommended.
NOTE A reworking of windows local access - a relic of its original
implementation back in Windows 3.11 - is overdue and is scheduled
for a release beyond Firebird 1.5. Amongst other changes, it
will be made compatible with the -l[ogin] switch in instsvc.exe.
View Git Blame Copy Permalink