Grant all privileges on all databases to sqladmin and use this account for admin users

instead of using root user
tags/0.1.2
Daniel Berteaud 12 years ago
parent 24de0da8c8
commit 309cea9e27
  1. 19
      root/etc/e-smith/db/configuration/migrate/phpmyadmin
  2. 5
      root/etc/e-smith/templates/etc/e-smith/sql/init/phpmyadmin
  3. 6
      root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All

@ -3,9 +3,18 @@
|| $DB->new_record('phpmyadmin', {type => 'webapp'}); || $DB->new_record('phpmyadmin', {type => 'webapp'});
my $pw = $rec->prop('DbPassword'); my $pw = $rec->prop('DbPassword');
if (not $pw or length($pw) < 57){ if (not $pw or length($pw) < 57){
use MIME::Base64 qw(encode_base64); my $pw = gen_pw();
$rec->set_prop('DbPassword', $pw);
}
$pw = $rec->prop('AdminPassword');
if (not $pw or length($pw) < 57){
my $pw = gen_pw();
$rec->set_prop('AdminPassword', $pw);
}
$pw = "not set due to error"; sub gen_pw {
use MIME::Base64 qw(encode_base64);
my $p = "not set due to error";
if ( open( RANDOM, "/dev/urandom" ) ){ if ( open( RANDOM, "/dev/urandom" ) ){
my $buf; my $buf;
# 57 bytes is a full line of Base64 coding, and contains # 57 bytes is a full line of Base64 coding, and contains
@ -14,15 +23,15 @@
warn("Short read from /dev/random: $!"); warn("Short read from /dev/random: $!");
} }
else{ else{
$pw = encode_base64($buf); $p = encode_base64($buf);
chomp $pw; chomp $p;
} }
close RANDOM; close RANDOM;
} }
else{ else{
warn "Could not open /dev/urandom: $!"; warn "Could not open /dev/urandom: $!";
} }
$rec->set_prop('DbPassword', $pw); return $p;
} }
} }
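Review bot: When /dev/urandom cannot be opened or the read comes back short, gen_pw() returns the literal "not set due to error", and the new AdminPassword block stores it with set_prop just as the DbPassword block does. For AdminPassword this means a fixed, publicly known string can become the password of the account that the sql/init template grants ALL ON *.* WITH GRANT OPTION. I would end the failure paths with a bare `return;` and store only a real value, e.g. `my $new = gen_pw(); $rec->set_prop('AdminPassword', $new) if defined $new;` (likewise for DbPassword), or `die` so the migrate fragment fails visibly. The read call sits between the two hunks and is not shown, so this rests on the visible warn/else branches.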

@ -2,6 +2,7 @@
my $db = $phpmyadmin{'DbName'} || 'phpmyadmin'; my $db = $phpmyadmin{'DbName'} || 'phpmyadmin';
my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin'; my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin';
my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin'; my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin';
my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';
my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`; my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`;
@ -40,8 +41,10 @@ REPLACE INTO db (
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
'N', 'Y', 'Y'); 'N', 'Y', 'Y');
GRANT ALL ON *.* TO 'sqladmin'\@'localhost' IDENTIFIED BY '$admpass'
WITH GRANT OPTION;
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
EOF EOF
END END
} }
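Review bot: The fallback in `my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';` gives sqladmin a fixed, guessable password whenever the property is missing, and this account receives `GRANT ALL ON *.* ... WITH GRANT OPTION`, which is the same reach as root. The sso.inc.php/10All template uses the same pattern with a different literal (`'admpass'`), so in the fallback case the two files would not even agree. I would drop the default and fail the expansion instead: `my $admpass = $phpmyadmin{'AdminPassword'} or die "phpmyadmin AdminPassword is not set\n";`. A one-line comment above the GRANT saying that sqladmin is root-equivalent by design would also help the next reader.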

@ -1,7 +1,7 @@
{ {
use esmith::AccountsDB; use esmith::AccountsDB;
use esmith::util; my $admpass = $phpmyadmin{'AdminPassword'} || 'admpass';
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n"; my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
$OUT .= "// login and password for MySQL access\n"; $OUT .= "// login and password for MySQL access\n";
@ -13,8 +13,8 @@ foreach my $u ($a->users,$a->get('admin')){
# Members of the admins group automatically have # Members of the admins group automatically have
# full privileges on MySQL # full privileges on MySQL
if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){ if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){
$login = 'root'; $login = 'sqladmin';
$pass = esmith::util::LdapPassword(); $pass = $admpass;
} }
next unless (($login ne '') && ($pass ne '')); next unless (($login ne '') && ($pass ne ''));
$OUT .= "// Credentials for $user\n"; $OUT .= "// Credentials for $user\n";
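Review bot: The comment above the group check still says only that admins "automatically have full privileges on MySQL", but every member of admins or mysqladmins is now logged in as the one shared `sqladmin` account with the same stored password. That deserves a line such as `# admins/mysqladmins share the sqladmin account; its password is the phpmyadmin AdminPassword property`. Assuming the lines after the hunk write $pass into the generated sso.inc.php, as the `// Credentials for $user` output suggests, that file now holds a root-equivalent credential in clear text. Its owner and mode should therefore limit reading to the web server user; the diff does not show how the file's permissions are set. The foreach loop starts and ends outside the hunk.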
