MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Development => Topic started by: Spacedust on 2014-03-09, 18:02:38
-
We are now in process of converting all users to new 41-char passwords and guess what ?
There are still mysql.users from accounts removed few years ago ! This is just crazy :/
-
@Spacedust,
I already wrote about this problem. When you remove some database, the user assigned to this db is not removed.
Here is the topic: http://forum.mratwork.com/kloxo-mr-development/mysql-db-remove
-
@Spacedust,
I already wrote about this problem. When you remove some database, the user assigned to this db is not removed.
Here is the topic: http://forum.mratwork.com/kloxo-mr-development/mysql-db-remove
Now we have hundreds of non-existing customer password that needs to be checked if they exist before converting to 41-chars :/ Same with PowerDNS entries !
-
+1. @spacedust and @insanity. The mysql users need to be removed, this is a very BIG problem as time goes on.
-
Yes it is same and with all folders. We have so much removed domains, but files and folders still exist :)
-
It's not simple remove domain also remove document root of domain. The same issue with database.
The reason is it's possible document root not using by 1 domain (in case parking domain). The same issue with database where 1 username have privileges to more than 1 database.
-
For document will be implementing delete docroot if this docroot only use by 1 web.
This is the logic:
// MR -- also delete docroot if only refer to 1 web
$c = db_get_count("web", "customer_name = '{$this->customer_name}' AND docroot = '$this->docroot'");
if ((int)$c === 1) {
recursively_remove($this->getFullDocRoot());
}
Note:
- function db_get_count is a new function and only ready in Kloxo-MR 6.5.1 since alpha
- ready for next upload of 6.5.1.b
-
In KloxoMR every database a new user is created, why not delete that user when the database is deleted?
-
Original code is not include delete username if database deleted.
Delete database also delete database username still dangerously. It's not easy to detect privileges.
-
Original code already have a code for delete user but wrong code:
function deleteDatabase()
{
$rdb = $this->lx_mysql_connect('localhost', $this->main->__var_dbadmin, $this->main->__var_dbpassword);
$rdb->query("drop database {$this->main->dbname};");
$this->log_error_messages(false);
$rdb->query("delete from mysql.user where user = '{$this->main->username}';");
$this->log_error_messages(false);
$rdb->query("flush privileges;");
}
Need modified to:
function deleteDatabase()
{
$rdb = $this->lx_mysql_connect('localhost', $this->main->__var_dbadmin, $this->main->__var_dbpassword);
$rdb->query("drop database {$this->main->dbname};");
$this->log_error_messages(false);
// MR -- fix delete database username
// $rdb->query("delete from mysql.user where user = '{$this->main->username}';");
$rdb->query("drop user '{$this->main->username}'@'%';");
$rdb->query("drop user '{$this->main->username}'@'localhost';");
$this->log_error_messages(false);
$rdb->query("flush privileges;");
}
-
That is good! Which file to make that change, or wait for next upload?
-
Mustafa, that is perfect. Finally we can delete all docroots and db users :)
@chrisf: in usr/local/lxlabs/kloxo/httpdocs/driver/pserver/mysqldb__mysqllib.php