changes to /scripts/securemysql being overwritten

kbrinner

Registered
Mar 5, 2013
3
0
1
cPanel Access Level
Root Administrator
I was having an issue where a sql user was periodically losing some of its privileges and tracked it down to the following in /scripts/securemysql

Code:
print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root';\n};
I added my sql user (MYUSER) as follows and for a while it appeared that the user wasn't losing its privileges

Code:
print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root' and User!='MYUSER';\n};
However, now when I make changes to this script to add MYUSER it appears the changes have been made to the script, but when I check on it a couple of days later the script has been reverted back to the original so MYUSER loses its privileges. Does anyone know what script or process is causing my changes to the securemysql script to be reverted? Thanks.
 

kbrinner

Registered
Mar 5, 2013
3
0
1
cPanel Access Level
Root Administrator
I do see line of the 461 of the upcp script calls the following:

$logger->update_pbar(95);
if ( -x '/usr/local/cpanel/scripts/postupcp' ) {
$logger->info("Running /usr/local/cpanel/scripts/postupcp");
system '/usr/local/cpanel/scripts/postupcp';
}

if ( -e '/var/cpanel/hooks.yaml' && -x '/usr/local/cpanel/scripts/hook' ) {
$logger->info("Running Standardized hooks");
system '/usr/local/cpanel/scripts/hook', '--category=System', '--event=upcp', '--stage=post';
}


I don't seem to have the postupcp script per the first if, but do have the hook file called in the second if. Would it be appropriate to add something like

mysql -e “GRANT LOCK TABLES ON *.* to ‘user’@’localhost’ identified by ‘pass’; FLUSH PRIVILEGES;”

to this hook file?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
86
78
cPanel Access Level
DataCenter Provider
You can just make /scripts/postupcp if you need it. If /scripts/postupcp does not already exist, make it and put #!/bin/sh as the first line

At that point perhaps edit /scripts/securemysql to be how you want it, save a copy somewhere else like /root/custom_config/securemysql, and make /scripts/postupcp put your copy in place.

upcp shouldn't be causing any SQL users to lose privs though. Before you go messing with that you may wish to seek support from cPanel.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,578
53
308
cPanel Access Level
Root Administrator
If you don't want securemysql making changes to your system, do the following:

Code:
# touch /etc/securemysqldisable
Otherwise you'll need to create a custom version of securemysql, using either postupcp or cpanelsync.exclude, to prevent securemysql from making changes. It appears you have a particular user with specific needs. The securemysql script is not designed with that in mind.
 

arunsv84

Well-Known Member
Oct 20, 2008
373
1
68
127.0.0.1
cPanel Access Level
Root Administrator
I was having an issue where a sql user was periodically losing some of its privileges and tracked it down to the following in /scripts/securemysql
If you are facing difficulty for a particular user, make sure that the account is not exceeding the allotted Disk-space/Bandwidth limits.

Cheers!!!