User databases are no longer created

[BrianLayman]

I've somehow changed my default behavior for WHM. Prior to this, for each new account I created from WHM, I would get a MySQL User and a MySQL database. Now I only get the User.

I can find threads that indicate ppl used to modify some of the post*acct scripts to create the databases, however I've never touched these and I think the database creation has become part of the WHM core now. But I can't find where the settings controlling it would be.

I also know that others have databases created automatically because an error message I remember has been mentioned several times on this forum:\
"Account Creation Status: failed (Sorry, a MySQL database with the name * already exists.)" I once got that error when I had already created a database under the name of an account I was adding.

You can see that message referenced in these two threads:
http://forums.cpanel.net/f5/add-user-error-114033.html#post502701
http://forums.cpanel.net/f5/very-bizarre-account-creation-error-122569.html

My VPS provider is trying to convince me that I never had that functionality and I just want to get it back.

Can someone here be of assistance?

I lost the behavior around the time I added packages to my account. However I don't want to drop all of the packages I've made and assigned to various accounts if I don't have to.

Does anyone know how to activate the automatic creation of databases for each new account created by WHM/CPanel?

 

[cPanelDavidG]

On a plain installation of cPanel/WHM, no databases are created when a cPanel user is created. The only thing that happens is that the cPanel user is granted access to any databases they may create. However, using your cPanel user credentials for databases is generally not a good idea as this often involves storing your cPanel password in plain text.

 

[BrianLayman]

Hmm interesting...

In my research I was able to find the source of the "Account Creation Status: failed (Sorry, a MySQL database with the name * already exists.)" error message.

That comes directly from /usr/local/cpanel/bin/wwwacct
That's part of default cpanel right? (Please don't read any snarkiness in that, it's a real question as I see it wwwacct mentioned as a script too)

It seems likely that there's a switch that triggers that section of code in wwwacct, but I can't find mention of it as a parameter in documentation and since that's a binary, viewing it is less than helpful. I was hoping wwwacct.conf might have a setting for it but no go...

What you've mentioned about the security concerns does make sense. However, since my server is already using that wwwacct feature, my password information is probably already stored in plain text. some my.cnf somewhere seems a likely spot for that.

Do you have any thoughts about where I should go from here in this investigation? As the mention of that error message in other threads indicates, I'm not the only person whose had their CPanel behaving this way. I'd just like to return to my previous behavior...

 

[DavidAG]

Hmm interesting...

In my research I was able to find the source of the "Account Creation Status: failed (Sorry, a MySQL database with the name * already exists.)" error message.

That comes directly from /usr/local/cpanel/bin/wwwacct
That's part of default cpanel right?

It seems likely that there's a switch that triggers that section of code, but I can't find mention of it in documentation and since that's a binary, viewing it is less than helpful.

What you've mentioned about the security concerns does make sense. However, since my server is already using that wwwacct feature, my password information is probably already stored in plain text.

Do you have any thoughts about where I should go from here in this investigation? As the mention of that error message in other threads indicates, I'm not the only person whose had their cpanel behaving this way. I'd just like to return to my previous behaviour...

/scripts/wwwacct is the command-line script used to create cPanel accounts. When a cPanel account is created on the server, it is created as a standard Unix user. This means that the password is stored as a hash, not in plain text. This also means the password cannot be retrieved. The system can compare if the user entered the correct password, but it does not know what the actual password is.

Your previous behavior may have (and I'm just speculating) been triggered by a /scripts/postwwwacct script. The /scripts/postwwwacct script is a way to perform additional actions after an account is created such as calling our XML API to create a database for that user which was just created by /scripts/wwwacct.

 

[BrianLayman]

/scripts/wwwacct is the command-line script used to create cPanel accounts. When a cPanel account is created on the server, it is created as a standard Unix user. This means that the password is stored as a hash, not in plain text. This also means the password cannot be retrieved. The system can compare if the user entered the correct password, but it does not know what the actual password is.

Your previous behavior may have (and I'm just speculating) been triggered by a /scripts/postwwwacct script. The /scripts/postwwwacct script is a way to perform additional actions after an account is created such as calling our XML API to create a database for that user which was just created by /scripts/wwwacct.

re:postwwwacct Yeah that's where I started looking this morning, but I've no indiciation that such a file ever existed.

Thinking on this further however, there seems to be a flaw in the above logic. The info about how the user acct pw is stored while accurate, seems likely to be irrelevant. No user password is needed to create a database for the user. Anyway, this was a process done within /usr/local/cpanel/bin/wwwacct not the script version. That's where the error handling is. See, this is copied from a hex view of that file: "Sorry, a mysql database with the name [NULL] already exists."


Obviously CPanel already has root access to MySql as it has created the new user in MySQL with the correct password. At that point only two more queries need be made:
CREATE DATABASE `newusersname` ;
GRANT ALL PRIVILEGES ON `newusersname` . * TO 'newusersname'@'%';
and we have the new database. Neither of those require a password so there is no security risk.

I've downloaded my VPS's cpanel files to my local system and will test further. Maybe I'll find something over in /var/cpanel. All the pm files are at least fun to look at and I'm learning a lot more about how cpanel was built. I even found a bug in the error message "Sorry you cannot create this account because this would excceed your alloted bandwidth." Exceeded was typed with an accent.

I'd still love to hear more thoughts if anyone has them..

 

[cPanelKenneth]

The automatic creation of MySQL databases by cPanel during account creation was a bug. We fixed it. If you desire that behavior you need to use a /scripts/postwwwacct script ( or one of the various other hook scripts ).

 

[BrianLayman]

The automatic creation of MySQL databases by cPanel during account creation was a bug. We fixed it. If you desire that behavior you need to use a /scripts/postwwwacct script ( or one of the various other hook scripts ).

Aha! Well that explains all...

Thank you very much, cpanelkenneth.

On the positive side, I've learned enough about how cpanel works through my searches that whipping up the script should be a breeze.

Cheers!