Last modified: 2010-05-15 15:37:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T7043, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 5043 - Install may change GRANTS so that root user loses their permissions.
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: Installer
Version: 1.5.x
Hardware: All Linux
Importance: High critical
Assigned To: Nobody - You can work on this!
Reported: 2006-02-19 18:53 UTC by Mark Clements (HappyDog)
Modified: 2010-05-15 15:37 UTC (History)

Description Mark Clements (HappyDog) 2006-02-19 18:53:01 UTC
I have just tried a fresh install of MediaWiki 1.5.0 using the config/ page.  My
MySQL instance has several DBs and several users already defined.  I specified
the new table name and the DB connect info, entering the name of an existing
user/password ('happydog') into the main DB user box, and entering the root
user/password ('root') into the superuser box.

The install seemed to work perfectly, but when I tried to log into the DB as
root, I only had access to the newly created 'k17_testwiki' database and none of
the others.  I also had no permission to change privileges (nor does any other
user) so was unable to simply grant the appropriate privileges back again.

This was the case whether the DB was accessed through PHPMyAdmin or through the
mysql command-line shell.

Here are the related privileges, as given by MySQL:

SHOW GRANTS FOR root;
> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD 'xxx' WITH GRANT OPTION
> GRANT ALL PRIVILEGES ON `k17_testwiki`.* TO 'root'@'%'

SHOW GRANTS FOR root@localhost;
> GRANT USAGE ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'xxx'
> GRANT ALL PRIVILEGES ON `k17_testwiki`.* TO 'root'@'localhost'

As far as I am aware only the first of those four permissions was present prior
to running the install. It seems that the 'localhost' permissions have been
added, which override the general permissions.

I managed to fix the problem by stopping mysql, restoring a recent backup of the
/var/mysql folder and restarting mysql.

Expected result: No privileges should be changed for the superuser.
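
The override described in this report, as an added example that is not part of the original bug report or of MediaWiki: a simplified Python model of how MySQL picks the account row for a connection (most specific Host first, first match wins), run over grant tables constructed from the SHOW GRANTS output above. The function names and the table layout are assumptions made for illustration; only exact hostnames and '%' are modelled.

```python
# Simplified model of MySQL account matching (assumption: exact hostnames and
# '%' only; real servers also handle IPs, netmasks and partial wildcards).

# Constructed from the SHOW GRANTS output in the report: global privileges per
# (user, host) account row, and per-database privileges.
BEFORE = {
    "global": {("root", "%"): {"ALL", "GRANT"}},
    "db": {},
}
AFTER = {
    "global": {("root", "%"): {"ALL", "GRANT"},
               ("root", "localhost"): set()},        # GRANT USAGE = no privileges
    "db": {("root", "%", "k17_testwiki"): {"ALL"},
           ("root", "localhost", "k17_testwiki"): {"ALL"}},
}

def host_matches(pattern, client_host):
    return pattern == "%" or pattern == client_host

def match_account(tables, user, client_host):
    """Return the (user, host) row the server would authenticate against.

    Rows are ordered most-specific host first and the first match wins, so a
    literal 'localhost' row shadows a '%' row for local connections."""
    rows = sorted(tables["global"], key=lambda r: (r[1] == "%", r[0] == ""))
    for row_user, row_host in rows:
        if row_user in (user, "") and host_matches(row_host, client_host):
            return (row_user, row_host)
    return None

def effective_privs(tables, user, client_host, database):
    """Global privileges of the matched row plus its grants on `database`."""
    account = match_account(tables, user, client_host)
    if account is None:
        return None
    privs = set(tables["global"][account])
    privs |= tables["db"].get(account + (database,), set())
    return privs

def shadowed_accounts(tables):
    """Audit: host-specific rows holding fewer global privileges than the
    same user's '%' row. These silently downgrade local logins."""
    g = tables["global"]
    return sorted((u, h) for (u, h), p in g.items()
                  if h != "%" and (u, "%") in g and p < g[(u, "%")])
```

Running shadowed_accounts() over a snapshot of the grant tables before and after an installer run flags exactly the kind of row this install created.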
Comment 1 Mark Clements (HappyDog) 2006-02-19 18:53:51 UTC
FYI, here is the output of the install script:

MediaWiki 1.5.0 installation

Please include all of the lines below when reporting installation problems.
Checking environment...

    * PHP 4.4.2: ok
    * Warning: PHP's register_globals option is enabled. MediaWiki will work correctly, but this setting increases your exposure to potential security vulnerabilities in PHP-based software running on your server. You should disable it if you are able.
    * PHP server API is apache; ok, using pretty URLs (index.php/Page_Title)
    * Have XML / Latin1-UTF-8 conversion support.
    * PHP's memory_limit is 8M. If this is too low, installation may fail! Attempting to raise limit to 20M... ok.
    * Have zlib support; enabling output compression.
    * Neither Turck MMCache nor eAccelerator are installed, can't use object caching functions
    * GNU diff3 not found.
    * Found GD graphics library built-in, image thumbnailing will be enabled if you enable uploads.
    * Installation directory: /home/happydog/web/wikitemp
    * Script URI path: /wikitemp
    * PHP is linked with old MySQL client libraries. If you are using a MySQL 4.1 server and have problems connecting to the database, see http://dev.mysql.com/doc/mysql/en/old-client.html for help.
    * Connecting to k17_testwiki on localhost:/tmp/mysql.lore3747 as root...success.
    * Connected to 3.23.58
    * Created database k17_testwiki
    * Creating tables... using MySQL 3/4 table defs... done.
    * Initializing data...
    * Granting user permissions...
    * Created sysop account WikiSysop.

      Initialising "MediaWiki" namespace...
      Clearing message cache...Done.

      Creating LocalSettings.php...

      Installation successful! Move the config/LocalSettings.php file into the parent directory, then follow this link to your wiki.
Comment 2 Mark Clements (HappyDog) 2006-02-19 19:00:45 UTC
I've just tested this with MediaWiki 1.5.6 and it appears that it is still a
problem.
Comment 3 Mark Clements (HappyDog) 2006-02-19 19:05:48 UTC
Have checked GRANTS after restoring from backups.  I was correct in that only
the initial GRANT was present before running the install:

SHOW GRANTS FOR root;
> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD 'xxx' WITH GRANT OPTION

SHOW GRANTS FOR root@localhost;
> ERROR 1141: There is no such grant defined for user 'root' on host 'localhost'
Comment 4 Juliano F. Ravasi 2006-03-02 02:07:42 UTC
Confirmed here, 1.6-cvs, talked to TimStarling on IRC.

Setting user db account to testwiki/xxxxxx and informing superuser account
root/yyyyyy changed my root account password to xxxxxx and changed root
permissions overriding previous ones.
Comment 5 Mark Clements (HappyDog) 2006-03-02 02:12:28 UTC
In my experience the root account did not have its password altered.
Comment 6 Juliano F. Ravasi 2006-03-02 02:28:52 UTC
The root password change was because of recent updates in config/index.php.
After logging in to the DB with the right password, the variable containing the
password is changed to the wrong password and the GRANTs are issued with the
wrong password.

Although, MediaWiki should not touch the root account at all... TimStarling
seems to be fixing this right now.
Comment 7 Rob Church 2006-03-06 07:38:08 UTC
This should now be fixed in 1.5.7. I managed to screw up the installer in 1.5.6.
Comment 8 Mark Clements (HappyDog) 2006-03-06 12:43:43 UTC
Does this solve the main issue as originally raised?  This bug was present in
1.5.0, so was not caused by changes introduced in 1.5.6!
Comment 9 Rob Church 2006-03-06 13:44:36 UTC
Well, the *killer* was added in 1.5.6 which would have broken quite a lot of
installs. The part that made this into a problem has existed for a long time;
users.sql contained grants for the "wikiadmin". I would surmise it probably *is*
now corrected in 1.5.7 since those particular grants are gone. Obviously if it
isn't, slap me on the wrist and reopen it.
