Grant all privileges on all databases to sqladmin and use this account for admin users
instead of using root user
parent
24de0da8c8
commit
309cea9e27
|
@ -3,9 +3,18 @@
|
|||
|| $DB->new_record('phpmyadmin', {type => 'webapp'});
|
||||
my $pw = $rec->prop('DbPassword');
|
||||
if (not $pw or length($pw) < 57){
|
||||
use MIME::Base64 qw(encode_base64);
|
||||
my $pw = gen_pw();
|
||||
$rec->set_prop('DbPassword', $pw);
|
||||
}
|
||||
$pw = $rec->prop('AdminPassword');
|
||||
if (not $pw or length($pw) < 57){
|
||||
my $pw = gen_pw();
|
||||
$rec->set_prop('AdminPassword', $pw);
|
||||
}
|
||||
|
||||
$pw = "not set due to error";
|
||||
sub gen_pw {
|
||||
use MIME::Base64 qw(encode_base64);
|
||||
my $p = "not set due to error";
|
||||
if ( open( RANDOM, "/dev/urandom" ) ){
|
||||
my $buf;
|
||||
# 57 bytes is a full line of Base64 coding, and contains
|
||||
|
@ -14,15 +23,15 @@
|
|||
warn("Short read from /dev/random: $!");
|
||||
}
|
||||
else{
|
||||
$pw = encode_base64($buf);
|
||||
chomp $pw;
|
||||
$p = encode_base64($buf);
|
||||
chomp $p;
|
||||
}
|
||||
close RANDOM;
|
||||
}
|
||||
else{
|
||||
warn "Could not open /dev/urandom: $!";
|
||||
}
|
||||
$rec->set_prop('DbPassword', $pw);
|
||||
return $p;
|
||||
}
|
||||
}
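Review bot: gen_pw() returns the literal string "not set due to error" when /dev/urandom cannot be opened or the read comes back short, and both callers hand that value straight to `set_prop`, so a fixed string from the source can be stored as `DbPassword` or `AdminPassword`. The `length($pw) < 57` test would replace it on a later run, but until then the account accepts that string. I would declare `my $p;` in gen_pw and have each caller do `my $new = gen_pw() or die "could not generate a password\n";` before calling `set_prop`. Separately, the short-read warning names /dev/random while the handle is opened on /dev/urandom. The read itself sits between the two hunks and is not visible here, and the +/- markers are lost in this rendering, so which lines are new is inferred.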
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
my $db = $phpmyadmin{'DbName'} || 'phpmyadmin';
|
||||
my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin';
|
||||
my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin';
|
||||
my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';
|
||||
|
||||
my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`;
|
||||
|
||||
|
@ -40,8 +41,10 @@ REPLACE INTO db (
|
|||
'Y', 'Y', 'Y', 'Y', 'Y',
|
||||
'N', 'Y', 'Y');
|
||||
|
||||
GRANT ALL ON *.* TO 'sqladmin'\@'localhost' IDENTIFIED BY '$admpass'
|
||||
WITH GRANT OPTION;
|
||||
|
||||
FLUSH PRIVILEGES;
|
||||
EOF
|
||||
END
|
||||
}
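Review bot: `my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';` falls back to a hard-coded password for the account that the statement further down grants `ALL ON *.*` `WITH GRANT OPTION`, so if the property is empty when this template is expanded, sqladmin is created with a known password and full control of the server. The configuration template later in this commit uses a different fallback, `'admpass'`, so in that case the two generated files would not agree either. I would refuse to expand rather than default, in both templates: `my $admpass = $phpmyadmin{'AdminPassword'} or die "phpmyadmin AdminPassword is not set\n";`. The value is also placed unescaped inside the quoted `IDENTIFIED BY` string, which is fine for Base64 output but presumably not for a value set by hand.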
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
|
||||
use esmith::AccountsDB;
|
||||
use esmith::util;
|
||||
my $admpass = $phpmyadmin{'AdminPassword'} || 'admpass';
|
||||
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
|
||||
|
||||
$OUT .= "// login and password for MySQL access\n";
|
||||
|
@ -13,8 +13,8 @@ foreach my $u ($a->users,$a->get('admin')){
|
|||
# Members of the admins group automatically have
|
||||
# full privileges on MySQL
|
||||
if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){
|
||||
$login = 'root';
|
||||
$pass = esmith::util::LdapPassword();
|
||||
$login = 'sqladmin';
|
||||
$pass = $admpass;
|
||||
}
|
||||
next unless (($login ne '') && ($pass ne ''));
|
||||
$OUT .= "// Credentials for $user\n";
|
||||
|
|