[Koha-bugs] [Bug 17237] New: Stop koha-create from creating MySQL users without host restriction

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Sep 2 08:11:22 CEST 2016 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17237

            Bug ID: 17237
           Summary: Stop koha-create from creating MySQL users without
                    host restriction
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5 - low
         Component: Packaging
          Assignee: magnus at libriotech.no
          Reporter: magnus at libriotech.no
        QA Contact: testopia at bugs.koha-community.org
                CC: mirko at abunchofthings.net

I am trying to tune MySQL using MySQLTuner (http://mysqltuner.com/). When I run
it on my Koha server I get a bunch of warnings like this: 

[!!] User 'koha_x@%' hasn't specific host restriction.
[!!] User 'koha_y@%' hasn't specific host restriction.
[!!] User 'koha_z@%' hasn't specific host restriction.

And in mysql.user I have:

| %         | koha_x  |
| %         | koha_y  |
| %         | koha_z  |
| localhost | koha_x  |
| localhost | koha_y  |
| localhost | koha_z  |

The code that creates these users is in koha-create, line 654 an onwards:

    # Set up MySQL database for this instance.
    if [ "$op" = create ]
    then
        mysql --defaults-extra-file=/etc/mysql/koha-common.cnf <<eof
CREATE DATABASE \`$mysqldb\`;
CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
FLUSH PRIVILEGES;
eof
    fi #`
    if [ "$op" = use ]
    then
        mysql --defaults-extra-file=/etc/mysql/koha-common.cnf --force <<eof
CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
FLUSH PRIVILEGES;
eof
    fi #`

Perhaps it is just a lack of imagination, but I can't really think of a use for
the @% unrestricted user. Am I missing something, or can we just get rid of it? 

Or if they are needed in some scenarios, can we be more clever about when we
create unrestricted users, so they are only created when needed?

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list