
Changing user password changes mysql password

Discussion in 'General Discussion' started by shacker23, Sep 15, 2005.

  1. shacker23

    This morning I changed a user's password (at their request), using the "passwd username" command. A few hours later (not immediately), their database-backed website stopped functioning. Since the unix password and the mysql password are completely separate, I can't see what would cause this to happen. Does cPanel take it upon itself to change their mysql password when the account password is changed? If so, that seems crazy, since it will break all of their web applications. Anyway:

    1) Is what we experienced here normal for cPanel?

    2) Is there a way to tell cPanel to *stop doing that*?

    Thanks,
    Scot
     
  2. Faldran

    Best way to avoid that (and more secure in many cases, because if a script kiddie gets ahold of a config file, and they have their main username/password for mysql, this will then give them access to cpanel, mail, ftp... everything) is to create a mysql user/password and grant it permission to the database, and use it instead of the main username and password.
     
  3. shacker23

    Faldran -

    That is how this account's database was set up. Used cPanel to create a mysql database, a mysql user, and granted permissions to that database for that mysql user. It sounds like you're implying that if you don't create a mysql user for the database, then the unix user/pass for that database would be used by the system. I would never do that (I'm a very experienced mysql admin), but if that's possible on cPanel, then it implies that there IS some kind of cPanel connection between the unix user/pass and mysql user/passes. As if either one might work. This is very strange.

    Does anyone know the real story on the connection cPanel makes between the machine account and mysql accounts?

    Thanks,
    Scot
     
  4. shacker23

    Turns out that while all of the databases I set up for the customer had their own mysql user/passes, the database in question was created by the customer *without* a mysql user/pass. So now the situation comes into focus:

    If you create a database the way you're supposed to do, by setting up a mysql user/pass, then it remains independent of the system account user/pass. You can change the user's password at any time without breaking your web apps.

    But if you create a database without also attaching it to a mysql user, it will still work! The system magically reaches out and grabs the user's unix credentials. This strikes me as a VERY BAD design decision on cPanel's part. Yes, it probably makes it easier on newbies, but with the consequence of breaking their web apps every time they change their system password (which should be frequently). The problem is compounded by the fact that there's a time element at work -- if you change the user's system password, their web apps don't break immediately -- mysql starts screwing up hours, or even half a day later. So you can't intentionally change your web apps' config files at the same time you change your system password. It's just a bad scene all around.

    cPanel folks, if you're reading this, consider this a request for removal of a feature: Just let mysql operate normally, rather than trying to patch it up with magical goo. If there is no mysql user/pass associated with a database, it should not be usable, period. Please don't try to attach it to the system password. That way lies only peril for users and headaches for sysadmins.
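
An added example, not part of the thread and not cPanel's code: a Python audit that lists databases with no dedicated MySQL user, which are the ones that break when the account password changes and whose config files expose the account credentials. It assumes the account-level MySQL user is named after the system account and that the grant rows come from `SELECT Db, User FROM mysql.db`; the function names and sample rows are constructed for illustration.

```python
import re

def grant_pattern_to_regex(db_pattern):
    """Convert a mysql.db 'Db' value (% and _ wildcards, backslash escapes) to a regex."""
    parts, i = [], 0
    while i < len(db_pattern):
        ch = db_pattern[i]
        if ch == "\\" and i + 1 < len(db_pattern):
            parts.append(re.escape(db_pattern[i + 1]))  # escaped literal such as \_
            i += 2
            continue
        parts.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
        i += 1
    return re.compile("".join(parts) + r"\Z", re.S)

def databases_tied_to_account_password(databases, grants, account_names):
    """Map each database whose only grantees are account-named MySQL users
    (no dedicated application user) to that list of grantees."""
    compiled = [(grant_pattern_to_regex(db), user) for db, user in grants]
    flagged = {}
    for db in databases:
        grantees = sorted({user for rx, user in compiled if rx.match(db)})
        if grantees and all(user in account_names for user in grantees):
            flagged[db] = grantees
    return flagged

# Constructed sample rows, shaped like `SELECT Db, User FROM mysql.db` output.
SAMPLE_DATABASES = ["alice_shop", "alice_blog", "bob_wiki"]
SAMPLE_GRANTS = [
    ("alice\\_%", "alice"),         # assumed account-level grant on every alice_ database
    ("alice\\_shop", "alice_app"),  # dedicated MySQL user for one database
    ("bob\\_%", "bob"),
    ("bob_wiki", "bob_wk"),         # unescaped _ is a single-character wildcard
]
SAMPLE_ACCOUNTS = {"alice", "bob"}  # system account names

if __name__ == "__main__":
    report = databases_tied_to_account_password(
        SAMPLE_DATABASES, SAMPLE_GRANTS, SAMPLE_ACCOUNTS)
    for db, users in report.items():
        print(f"{db}: only reachable as {', '.join(users)}")
```

Databases it reports need a dedicated MySQL user and an updated application config before the account password is next rotated.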
     