changes to /scripts/securemysql being overwritten

[kbrinner]

I was having an issue where a sql user was periodically losing some of its privileges and tracked it down to the following in /scripts/securemysql

print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root';\n};

I added my sql user (MYUSER) as follows and for a while it appeared that the user wasn't losing its privileges

print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root' and User!='MYUSER';\n};

However, now when I make changes to this script to add MYUSER it appears the changes have been made to the script, but when I check on it a couple of days later the script has been reverted back to the original so MYUSER loses its privileges. Does anyone know what script or process is causing my changes to the securemysql script to be reverted? Thanks.

 

[quietFinn]

cPanel update (upcp).

 

[kbrinner]

When I vi /scripts/upcp I don't find anything about securemysql - can you provide a little more detail?

 

[kbrinner]

I do see line of the 461 of the upcp script calls the following:

$logger->update_pbar(95);
if ( -x '/usr/local/cpanel/scripts/postupcp' ) {
$logger->info("Running /usr/local/cpanel/scripts/postupcp");
system '/usr/local/cpanel/scripts/postupcp';
}

if ( -e '/var/cpanel/hooks.yaml' && -x '/usr/local/cpanel/scripts/hook' ) {
$logger->info("Running Standardized hooks");
system '/usr/local/cpanel/scripts/hook', '--category=System', '--event=upcp', '--stage=post';
}

I don't seem to have the postupcp script per the first if, but do have the hook file called in the second if. Would it be appropriate to add something like

mysql -e “GRANT LOCK TABLES ON *.* to ‘user’@’localhost’ identified by ‘pass’; FLUSH PRIVILEGES;”

to this hook file?

 

[quizknows]

You can just make /scripts/postupcp if you need it. If /scripts/postupcp does not already exist, make it and put #!/bin/sh as the first line

At that point perhaps edit /scripts/securemysql to be how you want it, save a copy somewhere else like /root/custom_config/securemysql, and make /scripts/postupcp put your copy in place.

upcp shouldn't be causing any SQL users to lose privs though. Before you go messing with that you may wish to seek support from cPanel.

 

[cPanelKenneth]

If you don't want securemysql making changes to your system, do the following:

# touch /etc/securemysqldisable

Otherwise you'll need to create a custom version of securemysql, using either postupcp or cpanelsync.exclude, to prevent securemysql from making changes. It appears you have a particular user with specific needs. The securemysql script is not designed with that in mind.

 

[arunsv84]

I was having an issue where a sql user was periodically losing some of its privileges and tracked it down to the following in /scripts/securemysql

If you are facing difficulty for a particular user, make sure that the account is not exceeding the allotted Disk-space/Bandwidth limits.

Cheers!!!