Grant all privileges on all databases to sqladmin and use this account for admin users
instead of using root user
parent
24de0da8c8
commit
309cea9e27
|
@ -3,9 +3,18 @@
|
||||||
|| $DB->new_record('phpmyadmin', {type => 'webapp'});
|
|| $DB->new_record('phpmyadmin', {type => 'webapp'});
|
||||||
my $pw = $rec->prop('DbPassword');
|
my $pw = $rec->prop('DbPassword');
|
||||||
if (not $pw or length($pw) < 57){
|
if (not $pw or length($pw) < 57){
|
||||||
use MIME::Base64 qw(encode_base64);
|
my $pw = gen_pw();
|
||||||
|
$rec->set_prop('DbPassword', $pw);
|
||||||
|
}
|
||||||
|
$pw = $rec->prop('AdminPassword');
|
||||||
|
if (not $pw or length($pw) < 57){
|
||||||
|
my $pw = gen_pw();
|
||||||
|
$rec->set_prop('AdminPassword', $pw);
|
||||||
|
}
|
||||||
|
|
||||||
$pw = "not set due to error";
|
sub gen_pw {
|
||||||
|
use MIME::Base64 qw(encode_base64);
|
||||||
|
my $p = "not set due to error";
|
||||||
if ( open( RANDOM, "/dev/urandom" ) ){
|
if ( open( RANDOM, "/dev/urandom" ) ){
|
||||||
my $buf;
|
my $buf;
|
||||||
# 57 bytes is a full line of Base64 coding, and contains
|
# 57 bytes is a full line of Base64 coding, and contains
|
||||||
|
@ -14,15 +23,15 @@
|
||||||
warn("Short read from /dev/random: $!");
|
warn("Short read from /dev/random: $!");
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
$pw = encode_base64($buf);
|
$p = encode_base64($buf);
|
||||||
chomp $pw;
|
chomp $p;
|
||||||
}
|
}
|
||||||
close RANDOM;
|
close RANDOM;
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
warn "Could not open /dev/urandom: $!";
|
warn "Could not open /dev/urandom: $!";
|
||||||
}
|
}
|
||||||
$rec->set_prop('DbPassword', $pw);
|
return $p;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
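Review bot: When /dev/urandom cannot be opened or the read comes back short, `gen_pw` returns the literal `"not set due to error"`, and both callers pass it straight to `set_prop`, so the new `AdminPassword` can end up as a fixed, publicly known string. That fallback already existed for `DbPassword`, but the commit message says this value protects the account that holds all privileges on all databases. Have `gen_pw` start from `my $p;` so it returns undef on failure, and guard the caller with `my $new = gen_pw() or die "could not generate AdminPassword\n";` before `$rec->set_prop('AdminPassword', $new);` (or skip the `set_prop` if dying is not acceptable in this fragment). The read itself sits between the two hunks and is not shown; the warning text also says /dev/random while the code opens /dev/urandom.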
|
@ -2,6 +2,7 @@
|
||||||
my $db = $phpmyadmin{'DbName'} || 'phpmyadmin';
|
my $db = $phpmyadmin{'DbName'} || 'phpmyadmin';
|
||||||
my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin';
|
my $user = $phpmyadmin{'DbUser'} || 'phpmyadmin';
|
||||||
my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin';
|
my $pass = $phpmyadmin{'DbPassword'} || 'phpmyadmin';
|
||||||
|
my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';
|
||||||
|
|
||||||
my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`;
|
my $dbstruct = `rpm -qd ipasserelle-phpmyadmin | grep phpmyadmin.sql`;
|
||||||
|
|
||||||
|
@ -40,8 +41,10 @@ REPLACE INTO db (
|
||||||
'Y', 'Y', 'Y', 'Y', 'Y',
|
'Y', 'Y', 'Y', 'Y', 'Y',
|
||||||
'N', 'Y', 'Y');
|
'N', 'Y', 'Y');
|
||||||
|
|
||||||
|
GRANT ALL ON *.* TO 'sqladmin'\@'localhost' IDENTIFIED BY '$admpass'
|
||||||
|
WITH GRANT OPTION;
|
||||||
|
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
EOF
|
EOF
|
||||||
END
|
END
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
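Review bot: The fallback in `my $admpass = $phpmyadmin{'AdminPassword'} || 'adminpass';` means that whenever the prop is unset, the `GRANT ALL ON *.* ... WITH GRANT OPTION` statement creates `sqladmin` with a fixed, guessable password. The phpMyAdmin config template later in this commit falls back to a different literal, `'admpass'`, so in that case the two templates would also disagree and the admin login would fail. Since the first file of the commit generates `AdminPassword`, dropping both defaults and refusing to continue when the prop is missing looks safer, e.g. `my $admpass = $phpmyadmin{'AdminPassword'} or die "AdminPassword is not set\n";`. `$admpass` is also interpolated directly into the quoted SQL string, which is fine for the Base64 output of `gen_pw` but would break on a hand-set value containing a quote, so a comment stating that assumption next to the `GRANT` would help.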
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
|
|
||||||
use esmith::AccountsDB;
|
use esmith::AccountsDB;
|
||||||
use esmith::util;
|
my $admpass = $phpmyadmin{'AdminPassword'} || 'admpass';
|
||||||
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
|
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
|
||||||
|
|
||||||
$OUT .= "// login and password for MySQL access\n";
|
$OUT .= "// login and password for MySQL access\n";
|
||||||
|
@ -13,8 +13,8 @@ foreach my $u ($a->users,$a->get('admin')){
|
||||||
# Members of the admins group automatically have
|
# Members of the admins group automatically have
|
||||||
# full privileges on MySQL
|
# full privileges on MySQL
|
||||||
if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){
|
if (($a->is_user_in_group($user,'admins')) || ($a->is_user_in_group($user,'mysqladmins'))){
|
||||||
$login = 'root';
|
$login = 'sqladmin';
|
||||||
$pass = esmith::util::LdapPassword();
|
$pass = $admpass;
|
||||||
}
|
}
|
||||||
next unless (($login ne '') && ($pass ne ''));
|
next unless (($login ne '') && ($pass ne ''));
|
||||||
$OUT .= "// Credentials for $user\n";
|
$OUT .= "// Credentials for $user\n";
|
||||||
|
|
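Review bot: The comment above the `admins`/`mysqladmins` branch still says only that these users get full privileges, but after this change they all log in through the single `sqladmin` account; it could read `# Members of admins or mysqladmins are mapped to the shared 'sqladmin' account (password from AdminPassword)`. With one shared login, MySQL-side logs can no longer attribute an action to an individual administrator, which is worth stating where the mapping is made. The `foreach` body continues outside the hunk, so how `$login` and `$pass` are written to `$OUT`, and what permissions the generated file gets, cannot be checked from here.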