GBase 8s 数据库内部用户权限
配置参数,允许使用数据库内部用户
参数USERMAPPING控制是否允许使用数据库内部用户。
当该参数为OFF时,不允许使用内部用户访问GBase 8s。
####################################################################
# USERMAPPING - Control access to GBase for users without operating
# system accounts.
####################################################################
# OFF - users without operating system accounts cannot use GBase
# BASIC - users without operating system accounts can use GBase but
# not as privileged users
# ADMIN - users without operating system accounts can use GBase as
# privileged users
####################################################################
USERMAPPING OFF
可以使用onstat -c查看配置文件中参数内容。可以使用onmode -wf命令,设置参数的值。
[gbasedbt@devsvr ~]$ onstat -c | grep USERMAPPING
Your evaluation license will expire on 2022-09-06 00:00:00
# USERMAPPING - Control access to GBase for users without operating
USERMAPPING OFF
[gbasedbt@devsvr ~]$ onmode -wf USERMAPPING=ADMIN
Your evaluation license will expire on 2022-09-06 00:00:00
Value of USERMAPPING has been changed to ADMIN.
[gbasedbt@devsvr ~]$ onstat -c | grep USERMAPPING
Your evaluation license will expire on 2022-09-06 00:00:00
# USERMAPPING - Control access to GBase for users without operating
USERMAPPING ADMIN
[gbasedbt@devsvr ~]$
配置代理
在root用户下,创建一个用户:user_agent,做为GBase 8s内部用户的代理用户。
[root@devsvr ~]# useradd user_agent
[root@devsvr ~]# passwd user_agent
Changing password for user user_agent.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@devsvr ~]#
在root用户下,在/etc/gbasedbt目录下,创建一个名称为allowed.surrogates的文件,并配置代理的用户和组。
[root@devsvr ~]# ls /etc/gbasedbt
ls: cannot access /etc/gbasedbt: No such file or directory
[root@devsvr ~]# mkdir /etc/gbasedbt
[root@devsvr ~]# chown root:gbasedbt /etc/gbasedbt
[root@devsvr ~]# touch /etc/gbasedbt/allowed.surrogates
[root@devsvr ~]# echo "users:user_agent,gbasedbt" > /etc/gbasedbt/allowed.surrogates
[root@devsvr ~]# echo "groups:user_agent,gbasedbt" >> /etc/gbasedbt/allowed.surrogates
使代理的配置生效。
在gbasedbt用户下,执行onmode命令,使配置生效。
[gbasedbt@devsvr ~]$ onmode -cache surrogates
Your evaluation license will expire on 2022-09-06 00:00:00
[gbasedbt@devsvr ~]$
创建默认用户
[gbasedbt@devsvr ~]$ dbaccess - -
Your evaluation license will expire on 2022-09-06 00:00:00
> database sysuser;
Database selected.
> info tables;
Table name
sysauth sysdbsecadmauth sysintauthusers syssecpara
syssurrogategroups syssurrogates systcxattributes systcxusers
systrustedcontext sysusercursess sysuserext sysuserlimits
sys