When using an external database, provision creates two site_x users; site_x @ % and site_x @localhost.

Additionally if you setup aegir using db.example.net as the database server instead of using an IP, then the site_x user is not allowed to connect to the database and so site install fails. If someone can confirm whether the second part can be reproduced that would be great.

CommentFileSizeAuthor
#5 Picture 31.png56.99 KBadrian

Comments

ac’s picture

ac
Primary language English
Location Perth
commented

Upon further testing it seems it does work with a FQDN so the only issue is two users.

anarcat’s picture

anarcat commented

I think that we can remove the FQDN, the % is sufficient. However, this should be configurable in the db_server platform.

adrian’s picture

adrian commented

Upon removing the second grant, i get an error.

adrian’s picture

adrian commented

On our multi-front end system, we added user accounts for each of the front ends, and a wildcard for 64.55.119.%

adrian’s picture

adrian commented
StatusFileSize
new Picture 31.png56.99 KB

When i removed the @dbhost line, i get an error on install even on my local test environment.

anarcat’s picture

anarcat commented
Priority: Normal » Critical
Status: Active » Needs work

http://drupal.org/cvs?commit=154335 fixes this issue, mostly. I think it would still be good to add documentation regarding the fact that no host-based access control is configured by Aegir, which can be a security issue if the mysql server is publicly accessible.

Also, the issues described here by Adrian and Acbot are not related to Aegir. Acbot's issue was unreproducable, and adrian's was related to an entry in the mysql.user table like this:

mysql> select User,Host from user where Host='' or User='';
+------+-----------+
| User | Host      |
+------+-----------+
|      | localhost | 
+------+-----------+
1 row in set (0.02 sec)

If such a row is present, all clients from Host 'localhost' will be authenticated as anonymous users and have no permissions. Just dropping the row is sufficient to restore proper access.

Leaving this as 'needs work' as I think we need to update the documentation.

anarcat’s picture

anarcat commented

Also note that the committed patch doesn't update existing users (since it can't through update.php), so that may also be something that needs to be documented in the release notes or something.

anarcat’s picture

anarcat commented

See also http://drupal.org/node/337485

adrian’s picture

adrian commented

I also just changed the documentation to create the hostmaster account using @% instead of @localhost.

adrian’s picture

adrian commented

I think i can close this.

There's nothing we can do for existing clients created, but they won't harm or otherwise affect the running of the system.

anarcat’s picture

anarcat commented

We need to say somewhere in the docs that we create a % host wildcard, which is a security issue... In the relnotes?

anarcat’s picture

anarcat commented
Status: Needs work » Fixed

I'm closing this. There's now a more specific issue regarding this in http://drupal.org/node/354050

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

anarcat’s picture

anarcat commented
Issue tags: +multiserver

tagging this old issue

  • Commit 2019605 on debian, dev-dns, dev-envobject, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newhooks, dev-nginx, dev-platform_management, dev-ports, dev-purgebackup, dev-restore, dev-services, dev-simplerinstaller, dev-site_rename, dev-ssl, dev_716166_apache_conf, dev_dns, dev_server_verify, prod-koumbit, ssl, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x authored by anarcat: 
    do not create duplicate GRANT, use only % for now

Related to: #336431...
  • Commit 84f82d7 on debian, dev-dns, dev-envobject, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newhooks, dev-nginx, dev-platform_management, dev-ports, dev-purgebackup, dev-restore, dev-services, dev-simplerinstaller, dev-site_rename, dev-ssl, dev_716166_apache_conf, dev_dns, dev_server_verify, prod-koumbit, ssl, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x authored by adrian:
    Test if apache can be restarted during verify, and fix the documentation...