Grant all privileges on all databases to sqladmin and use this account for admin users

instead of using root user
tags/0.1.2
Daniel Berteaud 12 years ago
parent 24de0da8c8
commit 309cea9e27
  1. 19
      root/etc/e-smith/db/configuration/migrate/phpmyadmin
  2. 5
      root/etc/e-smith/templates/etc/e-smith/sql/init/phpmyadmin
  3. 6
      root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All

@ -3,9 +3,18 @@
|| $DB->new_record('phpmyadmin', {type => 'webapp'});
my $pw = $rec->prop('DbPassword');
if (not $pw or length($pw) < 57){
use MIME::Base64 qw(encode_base64);
my $pw = gen_pw();
$rec->set_prop('DbPassword', $pw);
}
$pw = $rec->prop('AdminPassword');
if (not $pw or length($pw) < 57){
my $pw = gen_pw();
$rec->set_prop('AdminPassword', $pw);
}
$pw = "not set due to error";
sub gen_pw {
use MIME::Base64 qw(encode_base64);
my $p = "not set due to error";
if ( open( RANDOM, "/dev/urandom" ) ){
my $buf;
# 57 bytes is a full line of Base64 coding, and contains
@ -14,15 +23,15 @@
warn("Short read from /dev/random: $!");
}
else{
$pw = encode_base64($buf);
chomp $pw;
$p = encode_base64($buf);
chomp $p;
}
close RANDOM;
}
else{
warn "Could not open /dev/urandom: $!";
}
$rec->set_prop('DbPassword', $pw);
return $p;
}
}

@ -2,6 +2,7 @@
my $db = $phpmyadmin{'DbName'} || 'phpmyadmin';
my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin';
my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin';
my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';
my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`;
@ -40,8 +41,10 @@ REPLACE INTO db (
'Y', 'Y', 'Y', 'Y', 'Y',
'N', 'Y', 'Y');
GRANT ALL ON *.* TO 'sqladmin'\@'localhost' IDENTIFIED BY '$admpass'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
END
}

@ -1,7 +1,7 @@
{
use esmith::AccountsDB;
use esmith::util;
my $admpass = $phpmyadmin{'AdminPassword'} || 'admpass';
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
$OUT .= "// login and password for MySQL access\n";
@ -13,8 +13,8 @@ foreach my $u ($a->users,$a->get('admin')){
# Members of the admins group automatically have
# full privileges on MySQL
if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){
$login = 'root';
$pass = esmith::util::LdapPassword();
$login = 'sqladmin';
$pass = $admpass;
}
next unless (($login ne '') && ($pass ne ''));
$OUT .= "// Credentials for $user\n";

Loading…
Cancel
Save