Removing user or database does not remove mysql.user !!!

[Spacedust]

We are now in process of converting all users to new 41-char passwords and guess what ?

There are still mysql.users from accounts removed few years ago ! This is just crazy :/

[insanity]

@Spacedust,
I already wrote about this problem. When you remove some database, the user assigned to this db is not removed.
Here is the topic: http://forum.mratwork.com/kloxo-mr-development/mysql-db-remove

[Spacedust]

@Spacedust,
I already wrote about this problem. When you remove some database, the user assigned to this db is not removed.
Here is the topic: http://forum.mratwork.com/kloxo-mr-development/mysql-db-remove

Now we have hundreds of non-existing customer password that needs to be checked if they exist before converting to 41-chars :/ Same with PowerDNS entries !

[chrisf]

+1.  @spacedust and @insanity.   The mysql users need to be removed, this is a very BIG problem as time goes on.

[insanity]

Yes it is same and with all folders. We have so much removed domains, but files and folders still exist

[MRatWork]

It's not simple remove domain also remove document root of domain. The same issue with database.

The reason is it's possible document root not using by 1 domain (in case parking domain). The same issue with database where 1 username have privileges to more than 1 database.

[MRatWork]

For document will be implementing delete docroot if this docroot only use by 1 web.

This is the logic:

Code: [Select]

// MR -- also delete docroot if only refer to 1 web
$c = db_get_count("web", "customer_name = '{$this->customer_name}' AND docroot = '$this->docroot'");

if ((int)$c === 1) {
recursively_remove($this->getFullDocRoot());
}

Note:
- function db_get_count is a new function and only ready in Kloxo-MR 6.5.1 since alpha
- ready for next upload of 6.5.1.b

[chrisf]

In KloxoMR every database a new user is created, why not delete that user when the database is deleted?

[MRatWork]

Original code is not include delete username if database deleted.

Delete database also delete database username still dangerously. It's not easy to detect privileges.

[MRatWork]

Original code already have a code for delete user but wrong code:

Code: [Select]

function deleteDatabase()
{
$rdb = $this->lx_mysql_connect('localhost', $this->main->__var_dbadmin, $this->main->__var_dbpassword);

$rdb->query("drop database {$this->main->dbname};");

$this->log_error_messages(false);

$rdb->query("delete from mysql.user where user = '{$this->main->username}';");

$this->log_error_messages(false);

$rdb->query("flush privileges;");
}
Need modified to:

Code: [Select]

function deleteDatabase()
{
$rdb = $this->lx_mysql_connect('localhost', $this->main->__var_dbadmin, $this->main->__var_dbpassword);

$rdb->query("drop database {$this->main->dbname};");

$this->log_error_messages(false);

// MR -- fix delete database username
// $rdb->query("delete from mysql.user where user = '{$this->main->username}';");
$rdb->query("drop user '{$this->main->username}'@'%';");
$rdb->query("drop user '{$this->main->username}'@'localhost';");

$this->log_error_messages(false);

$rdb->query("flush privileges;");
}

[chrisf]

That is good!  Which file to make that change, or wait for next upload?

[insanity]

Mustafa, that is perfect. Finally we can delete all docroots and db users

@chrisf: in usr/local/lxlabs/kloxo/httpdocs/driver/pserver/mysqldb__mysqllib.php