SD - The multivalue string database - release 0.6.3
176 views
Skip to first unread message
Donald Montaine
Mar 21, 2024, 1:40:42 AMMar 21
to Pick and MultiValue Databases
Version 0.6.3
-----------------------
(mab) mods date tagged in source as 20240219 and 20240225 mab
Remove the ability to run the system in "insecure mode".
Remove SECURITY program from GPL.BP and $secure from gcat
Do not allow kernel(K$SECURE, >=0) to reset security flag.
VM - Add CHOWN function to OSPATH.
Example: CALL ospath(chown_parm,OS$CHOWN)
where chown_parm is a VM separated string <owner_name> VM <group_name> VM <file_path>
Note in version 2.6.6 OSPATH is an internal function (requires -internal at login to compile).
Also for most OS$CHOWN operations to work, user will need to be root.
GPL.BP/LOGIN
No longer allow NETWORK or SERIAL connections.
Always run in secure mode.
Do not auto create missing user account.
System admin will need to add user to sdusers group and create user default account ("create-account USER <username>" , see below) prior user login.
Change login behavior to:
on command:
sd -a<account> - if account exists, login otherwise terminate connection.
sd - if /home/sd/user_accounts/<username> exists, log to user account
else display "Account <user> not in register" and terminate connection
User must be member of sdusers group, if not terminate connection.
Note - This changes the current behavior of logging into the account found at the current directory.
Remove option to create account.
Mod CREATE-ACCOUNT
Rem was
CREATE.ACCOUNT acc.name pathname {NO.QUERY}
Now
CREATE.ACCOUNT USER <username> {NO.QUERY} - account created in /home/sd/user_accounts/<username>, owner:group set to <username>:<username>
<username> must be found in sdusers group!
CREATE.ACCOUNT GROUP acc.name {NO.QUERY} - account created in /home/sd/group_accounts/<acc.name>, owner:group set to root:sdusers
CREATE.ACCOUNT OTHER acc.name pathname {NO.QUERY} - account created in pathname, owner:group set to root:sdusers
User must be privileged (root) to use CREATE-ACCOUNT verb.
Mod DELETE-ACCOUNT
User must be privileged (root) to use DELETE-ACCOUNT verb.
Add to install script:
Create directories /home/sd/user_accounts and /home/sd/group_accounts
Add command to create user account in /home/sd/user_accounts/<$tuser>
Implementing AF_UNIX sockets (and removing AF_INET). All remote connections will only be allowed via a tunnel (ssh tunnel).
API changes:
Rebrand the GPL.BP/VBSRVR to APISRVR and associated notation.
SDConnectlocal(Account) - No Change. This connection method only works on the local system. It creates a forked process of sd and communicates via pipes,
no network involved.
SDConnectUDS(Account) - New connection method mostly for testing. This is still a local system connection only,
but connects via the Unix Domain Socket /tmp/sdsys/sdclient.socket. Connection method connects as initiating local user (the peer).
SDConnect(Host,Port,UserName,Password,Account) - Connect from remote via ssh tunnel.
If configuration file has APILOGIN=1 or not found: User and Password are validated, API server process runs with usr_id and grp_id as UserName
(remember all server connections start out as root).
If APILOGIN=0: UserName and Password are NOT validated, API server process runs with usr_id and grp_id as the User creating the ssh tunnel (peer)
User still must be a valid linux user.
Regardless of connection method, User MUST be member of sdusers group!
Update MESSAGES file, change references from SCARLETDME to String Database (sd)
Remove hold over users in $LOGINS
NOTE!! In order for this rev to build, libbsd-dev must be installed (sudo apt-get install libbsd-dev)
(mab) Create separate revision numbers for both the Virtual Machine and SD (defined in gplsrc/revstamp.h).
(mab) Add to SYSLOG sd command line.
(dsm) Created Depreciated directory for features that have been removed or modified from original function.
GPL.BP.zip contains code for removed features.
-----------------------
(mab) mods date tagged in source as 20240219 and 20240225 mab
Remove the ability to run the system in "insecure mode".
Remove SECURITY program from GPL.BP and $secure from gcat
Do not allow kernel(K$SECURE, >=0) to reset security flag.
VM - Add CHOWN function to OSPATH.
Example: CALL ospath(chown_parm,OS$CHOWN)
where chown_parm is a VM separated string <owner_name> VM <group_name> VM <file_path>
Note in version 2.6.6 OSPATH is an internal function (requires -internal at login to compile).
Also for most OS$CHOWN operations to work, user will need to be root.
GPL.BP/LOGIN
No longer allow NETWORK or SERIAL connections.
Always run in secure mode.
Do not auto create missing user account.
System admin will need to add user to sdusers group and create user default account ("create-account USER <username>" , see below) prior user login.
Change login behavior to:
on command:
sd -a<account> - if account exists, login otherwise terminate connection.
sd - if /home/sd/user_accounts/<username> exists, log to user account
else display "Account <user> not in register" and terminate connection
User must be member of sdusers group, if not terminate connection.
Note - This changes the current behavior of logging into the account found at the current directory.
Remove option to create account.
Mod CREATE-ACCOUNT
Rem was
CREATE.ACCOUNT acc.name pathname {NO.QUERY}
Now
CREATE.ACCOUNT USER <username> {NO.QUERY} - account created in /home/sd/user_accounts/<username>, owner:group set to <username>:<username>
<username> must be found in sdusers group!
CREATE.ACCOUNT GROUP acc.name {NO.QUERY} - account created in /home/sd/group_accounts/<acc.name>, owner:group set to root:sdusers
CREATE.ACCOUNT OTHER acc.name pathname {NO.QUERY} - account created in pathname, owner:group set to root:sdusers
User must be privileged (root) to use CREATE-ACCOUNT verb.
Mod DELETE-ACCOUNT
User must be privileged (root) to use DELETE-ACCOUNT verb.
Add to install script:
Create directories /home/sd/user_accounts and /home/sd/group_accounts
Add command to create user account in /home/sd/user_accounts/<$tuser>
Implementing AF_UNIX sockets (and removing AF_INET). All remote connections will only be allowed via a tunnel (ssh tunnel).
API changes:
Rebrand the GPL.BP/VBSRVR to APISRVR and associated notation.
SDConnectlocal(Account) - No Change. This connection method only works on the local system. It creates a forked process of sd and communicates via pipes,
no network involved.
SDConnectUDS(Account) - New connection method mostly for testing. This is still a local system connection only,
but connects via the Unix Domain Socket /tmp/sdsys/sdclient.socket. Connection method connects as initiating local user (the peer).
SDConnect(Host,Port,UserName,Password,Account) - Connect from remote via ssh tunnel.
If configuration file has APILOGIN=1 or not found: User and Password are validated, API server process runs with usr_id and grp_id as UserName
(remember all server connections start out as root).
If APILOGIN=0: UserName and Password are NOT validated, API server process runs with usr_id and grp_id as the User creating the ssh tunnel (peer)
User still must be a valid linux user.
Regardless of connection method, User MUST be member of sdusers group!
Update MESSAGES file, change references from SCARLETDME to String Database (sd)
Remove hold over users in $LOGINS
NOTE!! In order for this rev to build, libbsd-dev must be installed (sudo apt-get install libbsd-dev)
(mab) Create separate revision numbers for both the Virtual Machine and SD (defined in gplsrc/revstamp.h).
(mab) Add to SYSLOG sd command line.
(dsm) Created Depreciated directory for features that have been removed or modified from original function.
GPL.BP.zip contains code for removed features.
SD.VOCLIB.zip contains LISTxx code for 80x24 screen size.
(dsm) modified install script to be ubuntu specific and removed nosudo scripts.
added install of required os utilities and libraries.
added install of required os utilities and libraries.
The shared pcloud directory now contains zip files for the two ScarletDME installers that I created as well as all three releases of SD; 0.6.1, 0.6.2 & 0.6.3.
Donald Montaine
Mar 21, 2024, 1:45:52 AMMar 21
to Pick and MultiValue Databases
As always, this is a work in progress. If you find any issues, please drop a note to sd.string.database at gmail dot com or just post comments here.
Donald Montaine
Mar 21, 2024, 5:59:09 PMMar 21
to Pick and MultiValue Databases
The github repository for this project is at: https://github.com/stringdatabase/sdb64
Steven Martin Trimble
Mar 21, 2024, 6:10:16 PMMar 21
to mvd...@googlegroups.com
Donald:
couple of questions
you state:
GPL.BP/LOGIN
No longer allow NETWORK or SERIAL connections.
Always run in secure mode.
No longer allow NETWORK or SERIAL connections.
Always run in secure mode.
When you say, 'No longer allow NETWORK' connections, are you saying I can not connect via AccuTerm?
Does 'Always run in secure mode' mean I must use SSH to connect?
thanks in advance,
--
You received this message because you are subscribed to
the "Pick and MultiValue Databases" group.
To post, email to: mvd...@googlegroups.com
To unsubscribe, email to: mvdbms+un...@googlegroups.com
For more options, visit http://groups.google.com/group/mvdbms
---
You received this message because you are subscribed to the Google Groups "Pick and MultiValue Databases" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mvdbms+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mvdbms/77957f62-fc36-4d76-b383-26f841a61bcen%40googlegroups.com.
Jay LaBonte
Mar 22, 2024, 5:03:08 PMMar 22
to mvd...@googlegroups.com
I agree.
No network connection seems to be an issue, and forcing secure mode seems a little harsh, if that means only SSH. I still user Telnet at time internally as it is just easier at times.
Regards,
Jay LaBonte
To view this discussion on the web visit https://groups.google.com/d/msgid/mvdbms/CAJDLGm7MU%2Bvv3Q%2BeqOu42GOHeSTqWjeEi1DkK-r6N%3D%2BtA%3DqNTg%40mail.gmail.com.
martinp...@ladybridge.com
Mar 22, 2024, 5:49:20 PMMar 22
to mvd...@googlegroups.com
Secure mode is nothing to do with SSH but is saying that the application security features are enabled. See the SECURITY command for details.
Martin
To view this discussion on the web visit https://groups.google.com/d/msgid/mvdbms/058e01da7c9c%247ce33b60%2476a9b220%24%40paradigm-systems.us.
Donald Montaine
Mar 23, 2024, 12:09:49 AMMar 23
to Pick and MultiValue Databases
SD Version 0.6.2 is still available for download. It has all the traditional QM connection capabilities.
As I have previously mentioned, this is a hobby project designed to let the developers that are interested explore some different directions for a multi-value database. We decided to require security features. This means implementing encryption in transit as a requirement. Accordingly, all remote (network) connections must be made using ssh. Telnet is still possible if through an ssh tunnel. We are developing documentation to explain the changes in more detail. It will be a long process as we are touching many aspects of a traditional QM/ScarletDME system, but we are working away at it.
We also implemented SECURITY as a requirement. Non-admin users have no ability to create or delete accounts. We also implemented a default location (/home/sd) as the base for all accounts and separated accounts into user and group accounts. In the next release non-admin users will not be able to LOGTO another personal account, only group accounts. We will also be blocking the ability for non-admin users to LOGTO SDSYS. To login to the SDSYS account, you will use 'sudo sd' which will log you into SDSYS.
We also implemented SECURITY as a requirement. Non-admin users have no ability to create or delete accounts. We also implemented a default location (/home/sd) as the base for all accounts and separated accounts into user and group accounts. In the next release non-admin users will not be able to LOGTO another personal account, only group accounts. We will also be blocking the ability for non-admin users to LOGTO SDSYS. To login to the SDSYS account, you will use 'sudo sd' which will log you into SDSYS.
Another change is that when you type 'sd' in a directory, the system will not ask to set up the directory as an SD account home. You will not be able to login unless you are a registered user. Accounts can only be created by an admin user and the appropriate directory and files will be created under either /home/sd/group_accounts or /home/sd/user_accounts. You specify 'group' or 'user' when issuing the CREATE-ACCOUNT command. If you are a registered user, typing 'sd' will make your SD user directory the current directory. When you log out you will be in your OS home directory.
We realize that not all possible users will like these changes, but given that commercial openQM and ScarletDME are availabable as alternatives that have the original feature set, and that the current SD developers are investing significant time and effort to make changes that we find appealing, we hope that some of you will find our vision interesting and hopefully even useful.
Donald Montaine
Jun 1, 2024, 3:37:56 AMJun 1
to Pick and MultiValue Databases
The SD database can be found at: https://github.com/stringdatabase/sdb64
I am discontinuing the downloads from my pcloud account. The most current and updated code can be cloned from the github repository. You can install SD directly from the cloned repository.
An install script for Fedora and related distros has been added.
You can now retain your accounts if you delete the SD system. So upgrading is as simple as, 1) delete, 2) when asked retain /home/sd, 3) reinstall. So if you update your local repository, it is quick and easy to remove the prior installation retaining all you account info and then reinstall.
krnntp
Jun 1, 2024, 8:39:34 AMJun 1
to mvd...@googlegroups.com
Very nice.
--
You received this message because you are subscribed to
the "Pick and MultiValue Databases" group.
To post, email to: mvd...@googlegroups.com
To unsubscribe, email to: mvdbms+un...@googlegroups.com
For more options, visit http://groups.google.com/group/mvdbms
---
You received this message because you are subscribed to the Google Groups "Pick and MultiValue Databases" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mvdbms+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mvdbms/1688618d-ead3-41a8-9444-84fd20f3dd8an%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages