Last modified: 2010-05-15 15:37:49 UTC
I have just tried a fresh install of MediaWiki 1.5.0 using the config/ page. My MySQL instance has several DBs and several users already defined. I specified the new table name and the DB connect info, entering the name of an existing user/password ('happydog') into the main DB user box, and entering the root user/password ('root') into the superuser box. The install seemed to work perfectly, but when I tried to log into the DB as root, I only had access to the newly created 'k17_testwiki' database and none of the others. I also had no permission to change privileges (nor does any other user) so was unable to simply grant the appropriate privileges back again. This was the case whether the DB was accessed through PHPMyAdmin or through the mysql command-line shell. Here are the related privileges, as given by MySQL: SHOW GRANTS FOR root; > GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD 'xxx' WITH GRANT OPTION > GRANT ALL PRIVILEGES ON `k17_testwiki`.* TO 'root'@'%' SHOW GRANTS FOR root@localhost; > GRANT USAGE ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'xxx' > GRANT ALL PRIVILEGES ON `k17_testwiki`.* TO 'root'@'localhost' As far as I am aware only the first of those four permissions was present prior to running the install. It seems that the 'localhost' permissions have been added, which override the general permissions. I managed to fix the problem by stopping mysql, restoring a recent backup of the /var/mysql folder and restarting mysql. Expected result: No privileges should be changed for the superuser.
FYI, here is the output of the install script: MediaWiki 1.5.0 installation Please include all of the lines below when reporting installation problems. Checking environment... * PHP 4.4.2: ok * Warning: PHP's register_globals option is enabled. MediaWiki will work correctly, but this setting increases your exposure to potential security vulnerabilities in PHP-based software running on your server. You should disable it if you are able. * PHP server API is apache; ok, using pretty URLs (index.php/Page_Title) * Have XML / Latin1-UTF-8 conversion support. * PHP's memory_limit is 8M. If this is too low, installation may fail! Attempting to raise limit to 20M... ok. * Have zlib support; enabling output compression. * Neither Turck MMCache nor eAccelerator are installed, can't use object caching functions * GNU diff3 not found. * Found GD graphics library built-in, image thumbnailing will be enabled if you enable uploads. * Installation directory: /home/happydog/web/wikitemp * Script URI path: /wikitemp * PHP is linked with old MySQL client libraries. If you are using a MySQL 4.1 server and have problems connecting to the database, see http://dev.mysql.com/doc/mysql/en/old-client.html for help. * Connecting to k17_testwiki on localhost:/tmp/mysql.lore3747 as root...success. * Connected to 3.23.58 * Created database k17_testwiki * Creating tables... using MySQL 3/4 table defs... done. * Initializing data... * Granting user permissions... * Created sysop account WikiSysop. * Initialising "MediaWiki" namespace... Clearing message cache...Done. Creating LocalSettings.php... Installation successful! Move the config/LocalSettings.php file into the parent directory, then follow this link to your wiki.
I've just tested this with MediaWiki 1.5.6 and it appears that it is still a problem.
Have checked GRANTS after restoring from backups. I was correct in that only the initial GRANT was present before running the install: SHOW GRANTS FOR root; > GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD 'xxx' WITH GRANT OPTION SHOW GRANTS FOR root@localhost; > ERROR 1141: There is no such grant defined for user 'root' on host 'localhost'
Confirmed here, 1.6-cvs, talked to TimStarling on IRC. Setting user db account to testwiki/xxxxxx and informing superuser account root/yyyyyy changed my root account password to xxxxxx and changed root permissions overriding previous ones.
In my experience the root account did not have its password altered.
The changing root password was because of recent updates in config/index.php. After the logged to the DB with the right password, the variable containing the password is changed to the wrong password and the GRANTs are issued with the wrong password. Although, MediaWiki should not touch the root account at all... TimStarling seems to be fixing this right now.
This should now be fixed in 1.5.7. I managed to screw up the installer in 1.5.6.
Does this solve the main issue as originally raised? This bug was present in 1.5.0, so was not caused by changes introduced in 1.5.6!
Well, the *killer* was added in 1.5.6 which would have broken quite a lot of installs. The part that made this into a problem has existed for a long time; users.sql contained grants for the "wikiadmin". I would surmise it probably *is* now corrected in 1.5.7 since those particular grants are gone. Obviously if it isn't, slap me on the wrist and reopen it.