The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

changes to /scripts/securemysql being overwritten

Discussion in 'Security' started by kbrinner, Mar 5, 2013.

  1. kbrinner

    kbrinner Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I was having an issue where a sql user was periodically losing some of its privileges and tracked it down to the following in /scripts/securemysql

    Code:
    print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root';\n};
    I added my sql user (MYUSER) as follows and for a while it appeared that the user wasn't losing its privileges

    Code:
    print MYSQL qq{UPDATE mysql.user SET Lock_tables_priv='N',Create_tmp_table_priv='N' WHERE User!='root' and User!='MYUSER';\n};
    However, now when I make changes to this script to add MYUSER it appears the changes have been made to the script, but when I check on it a couple of days later the script has been reverted back to the original so MYUSER loses its privileges. Does anyone know what script or process is causing my changes to the securemysql script to be reverted? Thanks.
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    cPanel update (upcp).
     
  3. kbrinner

    kbrinner Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    When I vi /scripts/upcp I don't find anything about securemysql - can you provide a little more detail?
     
  4. kbrinner

    kbrinner Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I do see line of the 461 of the upcp script calls the following:

    $logger->update_pbar(95);
    if ( -x '/usr/local/cpanel/scripts/postupcp' ) {
    $logger->info("Running /usr/local/cpanel/scripts/postupcp");
    system '/usr/local/cpanel/scripts/postupcp';
    }

    if ( -e '/var/cpanel/hooks.yaml' && -x '/usr/local/cpanel/scripts/hook' ) {
    $logger->info("Running Standardized hooks");
    system '/usr/local/cpanel/scripts/hook', '--category=System', '--event=upcp', '--stage=post';
    }


    I don't seem to have the postupcp script per the first if, but do have the hook file called in the second if. Would it be appropriate to add something like

    mysql -e “GRANT LOCK TABLES ON *.* to ‘user’@’localhost’ identified by ‘pass’; FLUSH PRIVILEGES;”

    to this hook file?
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You can just make /scripts/postupcp if you need it. If /scripts/postupcp does not already exist, make it and put #!/bin/sh as the first line

    At that point perhaps edit /scripts/securemysql to be how you want it, save a copy somewhere else like /root/custom_config/securemysql, and make /scripts/postupcp put your copy in place.

    upcp shouldn't be causing any SQL users to lose privs though. Before you go messing with that you may wish to seek support from cPanel.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you don't want securemysql making changes to your system, do the following:

    Code:
    # touch /etc/securemysqldisable
    
    Otherwise you'll need to create a custom version of securemysql, using either postupcp or cpanelsync.exclude, to prevent securemysql from making changes. It appears you have a particular user with specific needs. The securemysql script is not designed with that in mind.
     
  7. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    If you are facing difficulty for a particular user, make sure that the account is not exceeding the allotted Disk-space/Bandwidth limits.

    Cheers!!!
     
Loading...

Share This Page