[Koha-devel] Bug 8641

[Jared Camins-Esakov]

Paul,

As far as I can see (using getent passwd | cut -d : -f 1 | xargs groups)
> there is no problem with *system* security.  Also, User "0" does not appear
> in the MySql 'borrowers' table.  So why is it possible to log in with the
> "warned against" credentials? How should it be used during upgrades?
>

Only the MySQL user (= user 0 ="Koha superuser") can run the webinstaller,
if you did not run the upgrade script from the command line (packages take
care of it for you, which is one of the reasons why we recommend them). You
also must use the database user when an empty database is first created
because there is no other superlibrarian user which can be used for
administration until after you've created one using your database login.

It also is possible to create a superlibrarian with User "koha"
> credentials; limited testing in my sandbox has not [yet!] shown any side
> effects, except that User "0" can no longer log in (demonstrated by the
> fact that "Library" is set.)
>

Right. The problem with doing that is that if you need to access the web
installer, or inadvertently delete all your superlibrarians, you can no
longer access Koha using the database credentials, and are therefore stuck.

Regards,
Jared

-- 
Jared Camins-Esakov
Bibliographer, C & P Bibliography Services, LLC
(phone) +1 (917) 727-3445
(e-mail) jcamins at cpbibliography.com
(web) http://www.cpbibliography.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130123/4515c5e5/attachment.html>