Commit 8b1623b4 authored by Paul Cammish's avatar Paul Cammish

Merge branch 'rename_admin_user_to_sympl' into 'master'

Rename admin user to sympl, secure permissions

See merge request sympl/sympl!24
parents ca1ac43a b820b965
......@@ -409,9 +409,9 @@ module Symbiosis
if primary_hostname == self.name
while (user = Etc.getpwent) do
#
# Skip is this username is admin
# Skip is this username is sympl
#
next if user.name == "admin"
next if user.name == "sympl"
#
# Skip if the it is a system user
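Review bot: The skip for `admin` is replaced rather than extended, so an `admin` account left over on a host upgraded from Symbiosis is no longer skipped by this `Etc.getpwent` loop. The packaging in this same commit still declares `Replaces: symbiosis-mysql`, so such upgrades appear to be a supported path. If the old account should stay excluded, `next if %w[sympl admin].include?(user.name)` covers both names. The rest of the loop is outside the hunk, so what happens to a user that is not skipped cannot be confirmed from here.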
......
sympl-mysql (9.0.190609.0) stable; urgency=medium
* Renamed admin user to sympl.
* .my.cnf and 'mysql_password' files now created in /home/sympl
-- Paul Cammish <sympl@kelduum.net> Sun, 09 Jun 2019 23:06:13 +0100
sympl-mysql (9.0.190604.0) stable; urgency=medium
* Replaced mentions of Symbiosis with Sympl.
......
......@@ -13,6 +13,6 @@ Replaces: symbiosis-mysql
Provides: symbiosis-mysql
Conflicts: symbiosis-mysql
Description: MySQL metapackage for Sympl.
This package ensures that the MySQL database will have an admin account created.
This package ensures that the MySQL database will have a 'sympl' account created.
.
Without this package installed the PHPMyAdmin package will be uninstallable.
......@@ -46,34 +46,31 @@ if [ -x /usr/bin/mysql_upgrade ]; then
fi
#
# Add an admin user with user/password authentication for phpmyadmin if one doesn't already exist, and write into to /root/
# Add a 'sympl' user with user/password authentication for phpmyadmin if one doesn't already exist, and write into to /home/sympl
#
service mysql start
if grep -qx 'password = ' /etc/mysql/debian.cnf && [ "$(mysql -u root -se "select exists(select user from mysql.user where user = 'admin');")" = "0" ] ; then
echo "I: Adding 'admin'@'localhost' MySQL user"
if grep -qx 'password = ' /etc/mysql/debian.cnf && [ "$( mysql -u root -se "select exists(select user from mysql.user where user = 'sympl');" )" = "0" ] ; then
echo "I: Adding 'sympl'@'localhost' MySQL user"
# Select password
MYSQL_PASSWORD="$(openssl rand 200 | base64 | tr -dc '[[:alnum:]]' | cut -c 1-20)"
MYSQL_PASSWORD="$( openssl rand 200 | base64 | tr -dc '[[:alnum:]]' | cut -c 1-20 )"
echo "I: Password selected"
# Set password
mysql --defaults-file=/etc/mysql/debian.cnf -e "grant all privileges on *.* to 'admin'@'localhost' identified by '$MYSQL_PASSWORD' with grant option;"
mysql --defaults-file=/etc/mysql/debian.cnf -e "grant all privileges on *.* to 'sympl'@'localhost' identified by '$MYSQL_PASSWORD' with grant option;"
echo "I: Password set"
if [ ! -f /root/.my.cnf ]; then
echo "I: Saving to /root/.my.cnf"
# Skip overwriting an existing /root/.my.cnf
echo "[client]" > /root/.my.cnf
echo "user=admin" >> /root/.my.cnf
echo "password=$MYSQL_PASSWORD" >> /root/.my.cnf
# Skip overwriting an existing /home/sympl/.my.cnf
if [ ! -f /home/sympl/.my.cnf ]; then
echo "I: Saving to /home/sympl/.my.cnf"
echo "[client]" > /home/sympl/.my.cnf
echo "user=sympl" >> /home/sympl/.my.cnf
echo "password=$MYSQL_PASSWORD" >> /home/sympl/.my.cnf
fi
# Write the password as plaintext to the /root dir
echo "I: Saving to /root/mysql_admin_password"
echo "$MYSQL_PASSWORD" > /root/mysql_admin_password
# Write the password as plaintext to the /home/sympl dir
echo "I: Saving to /home/sympl/mysql_password"
echo "$MYSQL_PASSWORD" > /home/sympl/mysql_password
# Lock down permissions
echo "I: Restricting permissions"
chmod 600 /root/mysql_admin_password /root/.my.cnf
chown root:root /root/mysql_admin_password /root/.my.cnf
chmod 600 /home/sympl/mysql_password /home/sympl/.my.cnf
chown sympl:sympl /home/sympl/mysql_password /home/sympl/.my.cnf
echo "I: done"
fi
service mysql stop
exit 0
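Review bot: The password files are now created by root inside /home/sympl with plain `echo ... >` redirections and only restricted afterwards by `chmod 600`, so under a typical 022 umask both `.my.cnf` and `mysql_password` are world-readable until the chmod runs. Setting `umask 077` before the first write closes that window. Because /home/sympl is presumably writable by the unprivileged sympl user, the redirections and `chown sympl:sympl` will also follow a symlink placed at either path; using `chown -h sympl:sympl ...` and refusing to write when `[ -L /home/sympl/mysql_password ]` is true would keep root from touching an unintended file. The account behind these files is granted `all privileges on *.*` with grant option, which deserves a comment here now that its credentials no longer sit under /root.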
sympl-phpmyadmin (9.0.190604.0) stable; urgency=medium
sympl-phpmyadmin (9.0.190609.0) stable; urgency=medium
* Fixes to automatic tests
-- Paul Cammish <sympl@kelduum.net> Sun, 09 Jun 2019 23:08:00 +0100
sympl-phpmyadmin (9.0.190604.0) stable; urgency=medium
* Replaced mentions of Symbiosis with Sympl.
* Renamed package to sympl-phpmyadmin
......
......@@ -24,11 +24,11 @@ class TestPhpMyAdmin < Test::Unit::TestCase
end
#
# Fetch the admin password
# Fetch the sympl password
#
def admin_passwd()
if ( File.exist?( "/root/mysql_admin_password" ) )
File.read("/root/mysql_admin_password").chomp
if ( File.exist?( "/home/sympl/mysql_password" ) )
File.read("/home/sympl/mysql_password").chomp
else
nil
end
......@@ -120,7 +120,7 @@ class TestPhpMyAdmin < Test::Unit::TestCase
#
# Check our username/password are correct.
#
ok = do_verify_mysql_user("admin", password)
ok = do_verify_mysql_user("sympl", password)
if ok.nil?
puts "\nSkipping phpmyadmin admin auth test - password not found."
return
......@@ -230,4 +230,4 @@ class TestPhpMyAdmin < Test::Unit::TestCase
end
end
\ No newline at end of file
end
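Review bot: In `admin_passwd` (first hunk) the guard is still `File.exist?`, but the file it now reads is created mode 600 and owned by sympl in this commit's install script. A test run by an account other than root or sympl can therefore reach `File.read` and raise `Errno::EACCES` instead of returning nil and skipping. `if File.readable?("/home/sympl/mysql_password")` keeps the skip path working. The method name and the message `Skipping phpmyadmin admin auth test` in the second hunk still say admin although the account is now sympl, so a rename or a one-line comment would avoid confusion. The `def` closes outside the hunk.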
......@@ -405,7 +405,7 @@ HideURL *.ra
# You can also hide based on authenticated username
#HideUser root
#HideUser admin
#HideUser sympl
# Grouping options
GroupURL /cgi-bin/* CGI Scripts
......@@ -420,7 +420,7 @@ GroupURL /cgi-bin/* CGI Scripts
#GroupReferrer webcrawler.com/ WebCrawler
#GroupUser root Admin users
#GroupUser admin Admin users
#GroupUser sympl Admin users
#GroupUser wheel Admin users
# The following is a great way to get an overall total
......
sympl-web (9.0.190609.0) stable; urgency=medium
* Renamed admin user to sympl.
* Removed skel.d files.
-- Paul Cammish <sympl@kelduum.net> Sun, 09 Jun 2019 23:09:13 +0100
sympl-web (9.0.190605.0) stable; urgency=medium
* Renamed package to sympl-web
......
......@@ -4,6 +4,5 @@ apache.d etc/sympl/
ssl-hooks.d usr/share/sympl/
monit.d/* usr/share/sympl/monit/checks/
sympl/* usr/share/sympl/static/
sympl/* etc/sympl/skel.d/public/htdocs/
apache2 etc/
php etc/
usr/sbin/sympl-web-configure etc/cron.hourly/sympl-web-configure
usr/sbin/sympl-web-rotate-logs etc/cron.daily/sympl-web-rotate-logs
usr/share/sympl/ssl-hooks.d/sympl-webi etc/sympl/ssl-hooks.d/sympl-web
usr/share/sympl/ssl-hooks.d/sympl-web etc/sympl/ssl-hooks.d/sympl-web
etc/php/7.0/conf.d/sympl-web.ini etc/php/7.0/apache2/conf.d/00-sympl-web.ini
usr/sbin/sympl-web-configure usr/sbin/symbiosis-httpd-configure
usr/sbin/sympl-web-rotate-logs usr/sbin/symbiosis-httpd-rotate-logs
......