Last modified: 2011-10-12 01:16:47 UTC
When trying to install MediaWiki 1.3.8 (sorry, only version 1.3.7 was available as BugZilla field), it always tries to connect as root to my MySQL database: * PHP 4.3.9: ok * PHP server API is cgi; using ugly URLs (index.php?title=Page_Title) * Have XML / Latin1-UTF-8 conversion support. * PHP's memory_limit is 8M. If this is too low, installation may fail! Attempting to raise limit to 20M... ok. * Have zlib support; enabling output compression. * Found GD graphics library built-in, image thumbnailing will be enabled if you enable uploads. * Installation directory: /usr/local/apache2/htdocs/wiki * Script URI path: /wiki * MySQL error 1045: Keine Zugriffsberechtigung f�r Benutzer: 'root@localhost'. (Verwendetes Passwort: Nein) * Trying regular user... need password. Something's not quite right yet; make sure everything below is filled out correctly. When entering the correct root password (although the database already exists), I receive "MySQL error 0". I can connect with both the wiki and the root user to MySQL using the normal MySQL client without any problems.
*** Bug 1195 has been marked as a duplicate of this bug. ***
I had same bug yesterday with a friend not having root access to mysql. However he had a well configured database with his username+password. I was able to install latest version (beta something) after having - modified config script to login as his db-username - entered his password as "root" password in the login form - AND... having modified the management/users something script to remove all GRANT queries (I replaced them with a dumb select query to get no error code, however this might be useless)
That sounds interesting! Could you please e-mail me your modified scripts and tell me the version of MediaWiki you used, so I can test it?
I ran into the same problem. I wrote on IRC before seeing this bug report: "I seem to exhibit a MediaWiki database logic bug on my setup. Our db server is einstein; our web server is centaur. There is MySQL account called 'root' with no password that MediaWiki authenticates as. But "root" with no password has nearly no privileges; so MW complains, "Can't create database" because it's trying to do things as the lame root user." * The file causing the problems is config/index.php; this bug is in both MW 1.4.4 and 1.5rc1. * The user and database existed before I hit 'submit'. * I worked around it by doing this to config/index.php in MW 1.4.4: 441c441 < $wgDatabase = Database::newFromParams( $wgDBserver, "root", $conf->RootPW, "", 1 ); --- > $wgDatabase = Database::newFromParams( $wgDBserver, $wgDBuser, $wgDBpassword, "", 1 );
Couldn't create database wikidb; try with root access or check your username/pass. Something's not quite right yet; make sure everything below is filled out correctly. * I have created a new database (manually) called wikidb. I have also created a new mysql user/pass, which MW has verified to work to reach the step above. * I do not have root access, thus I have tried Asheesh Laroia's fix of changing "root" to $wgDBuser (etc) * The same error msg still occurs.
Same here, I also try replace all root username and passwords but only managed to do partial installation, some data like usernames and user rights still missing. I wonder if there is an sql file that I could put trough mysql admin to generate tables and data.
The reason for this is that at the bottom of the install form, the option for users to enter their root password is provided; this is so you can get the installer to set up your database and database user for you. Not providing the password will cause the root connection attempt to fail, at which point, the installer will usually find it can use your specified user. Just to point out; root is attempted first, because if the user does want the installer to set up the user for it, then that user is presumed not to exist. I'm thinking perhaps we could offer the user the option to have all this created for them; the install form is not 100% clear on this. Marking this as INVALID, as it's expected behaviour.
And just to confirm the obvious; yes, if you tell the installer to set up your user and database for you, then MediaWiki is configured to use that new user, not root.
The issue here is, if it is an existing MySQL implementation (which is quite common) a good administrator may have deleted the root account, giving root permission and control to some other account name with a less obvious means of guesswork or attack. The problem is that Mediawiki at the time of this report, looks for an account named "root" on MySQL which it will use during installation to create and populate the various data tables, but it assumes "root" exists and is the superuser name on MySQL to do this, asking only the PW for "root". It may not be..... even on amateur MySQL setups the administrator may have changed and deleted the "root" name for superuser access long ago.
A good point, but in that case, you would end up using the user created for that purpose anyway.
But you wouldn't. Say you install MySQL and make the superuser "abc123XnYZ" for security, deleting or disabling the account named "root" afterwards. You still would not run mediawiki under that user "abc123XnYZ", because that user has superuser access. You would want mediawiki to log in as that user on installation only, as usual... to create its tables, and to create a "safe" user as normal. ie, the fact you have changed the superuser name does NOT mean you want to run public facing software as that user....
Sorry, I meant the user created for the purpose of running the software. Didn't make that clear.
(np, it was clear from the context but thanks anyhow. Above reply stands)
The core problem is, Mediawiki needs one time access to the superuser account. And it assumes that superuser is always, and would always, be called "root" (no matter the name of the user you are creating to ultimately run mediawiki). And that superuser will not always be called "root". Especially on a long standing system or a well configured one, or one with a good sysadmin managing it, that assumption should not be made as it will more than likely be wrong on a significant number of systems, which will result in mediawiki auto-insisting on trying to install itself by means of an account that either does not exist, or does not have authority in MySQL. Now is it more clear, why mediawiki needs to ask not just the root password, but the appropriate root account name?
MediaWiki does *not* need access to the root account if you have the other account already created. On a well configured system, that is how you'd do it, is it not? I agree, however, that if it is going to use the root account, then it might be an idea to allow the name to be changed.
Agreed, one of those two. Either way the install must visibly be able to handle (and make clear what to do) the consequences if the MySQL privileged account that has authority to set up the necessary data is not called "root". If the answer is that it doesn't need root access at all, then it shouldn't say it needs the root password, and should make clear what it does need. If it does need some kind of privileged account to create users and such, it must ask its name during setup. If it can avoid the use of a privileged account but this would complicate installation for newcomers, then it should make life easier for them and ask for a privileged account name anyhow, for simplicity (as this is a minimal change to the code and would solve it 100%). The answer (#15) that if your superuser account isn't called root you can skip it if the other account is set up already, falters for me, because it requires users to manually and correctly do stuff in MySQL in order to install Mediawiki. That's going to put off a lot more people than asking for the account name as well as its password. Its also unnecessary as the entire code to do this is already there, just needing a single text string "root" to be replaced by a variable. Personally I feel that the simplst, most elegant way is simply: "To install mediawiki the software needs one-time access to a privileged MySQL account to define users tables and privileges, such as 'root'. Please give the name [default = root] and password for a suitable account that can be used for this purpose." Then ask for a user and password, not just a password. And test the account first to ensure it does have the privileges needed to run the install, so you don't get a cascade of less obvious secondary error messages if not.
My feeling would be that we shouldn't be asking for the root password. If users can't create accounts in mySQL, I'm not comfortable with them installing MediaWiki. We should make it so that the user has to have already set up an account with only the required permissions, and knows which permissions can be taken away after - such as CREATE (we don't need to re-create the tables once defined, do we?)
I understand but I would none the less be inclined to still disagree, on two counts. First, that installing mediawiki is a local once-off process. My understanding is that the root password is not being saved or reused beyond this one time. If instead it was constantly saving or using it, I would have far more grave concerns as you say. Second, that Mediawiki is presently very accessible. Changing root ID on MySQL is easy. So novices at MySQL can do it. Now, if you are going to take away how Mediawiki automatically sets itself up, and demand the user has already created an account with the right privileges, all you are doing is essentially asking them to do manually a process that can be (and presently is) automated. I don't see the gain to the user in terms of security or ease of doing so, or the gain to mediawiki in terms of accessibility, in fact much the reverse. It now would demand every user instead of entering an account and password and having the software take the few steps needed automatically and correctly, they must do precisely the same, create an account if it doesnt exist, and enter it and its password, and cut/paste some SQL code into the SQL command line, for precisely the same effect. I do find it quite hard to see how enforcing that change of process has helped the wiki manager in any everyday sense.
Well in that case, we need to have it so that the installer asks for the root username and password as a clear alternative to a specific account. Perhaps, under the specific account details, we could have a checkbox - "Create this account" - which enables the form fields for the root username and root password.
So in essence, if the running acount does not exist, the Mediawiki software needs to temporary use a privileged account for installation (ie, get a suitable name and password for a privileged account for installation purposes), and ask for a suitable user account for general running use. Or put asnother way, the software cannot create an account, from nothing, with the privileges needed. *Either* the user installing Mediawiki will have to give it a privileged account name + password to use to create a suitable user account, *or* the user must give it a pre-created user account to run under that has already been manually defined correctly (in which case the creation of such an account can obviously be skipped). I don't see the latter being a common scenario to handle given we are talking about an initial install process. Isn't that basically where we're at anyway, except that it has to ask for the privileged account's name as well rather than assume the name is "root" and asking only its password?
Yes, I was just musing over how to explain it to the end user.
"To install mediawiki, the install process must configure itself in MySQL. This is an automatic process, requiring brief access to a privileged MySQL adminstrator's account this one time. As part of the install Mediawiki creates a normal (non privileged) MySQL account which it will use when running the actual wiki. Please enter the name (usually 'root') and password for a privileged account that can be used briefly to install Mediawiki (this will not be saved, it is needed this one time only and then forgotten), and the name and desired password that the Mediawiki software should create for everyday use once it is correctly installed and working. [click here for how Mediawiki uses the root account during install]"
If you include a radio button: "yes, please use the following privileged account to create a mediawiki user" "the Mediawiki user account below already exists so privileged access is not needed" Warnings given if 1) privileged account selected but lacks necessary MySQL root authorities, or 2) user account said to already exist but does not, or lacks necessary MySQL user authorities
Simpler option: Please enter the mySQL account to be used by MediaWiki: Username: __________ Password: __________ [X] MediaWiki should create this account If the box is checked, a section of the installer (preferably below the prompt I've outlined above) is enabled and required: Please enter the credentials to a local superuser account to be used for this Username: root_________ (defaults to root, anyway) Password: _____________ >>Click here for more information on how MediaWiki uses this account<< Something like that, perhaps?
That works. Same basic idea, less verbage.
Don't forget, either the account (if it exists) or the superuser account (if given) will have to be checked briefly during the first stage of install, to ensure they exist and have whatever authorities they respectively need, whichever way it goes.
One edit briefly (sorry!) I'd make extremely clear what each is used for: Please enter the mySQL user account name to be used when running MediaWiki: Username: __________ Password: __________ [X] MediaWiki should create this account during installation
Last potential hiccup - ensure that *blank* passwords are accepted (some other MySQL installations might be configured so that root can only log in from one, or a few, specified machines, and therefore a password is not used to do so)
*** Bug 3914 has been marked as a duplicate of this bug. ***
I reported the above bug 3914 and still not getting it to install. My launch was supposed to be 15 days ago with this project, i'd like to get it going if there is a viable workaround. Its starting to stress me out as my users are constantly asking me when it is going to be installed and I can't find the time to tinker under the hood right now. Please view the 3914 if you have any solutions, as i might of tried them. thank you. Jason
It's worth noting that on some hosted MySQL servers (XO, UNIX w/apache, MySQL4.0, MW1.5.4) the mere attempt to access the db as 'root' gives an error message: Trying to connect to MySQL on ###.###.###.### as root... MySQL error 1105: No '@' was found in user string (root) Disconnecting modifying the code in config/index.php to replace 'root' with the name of a DBuser having grant/create/etc privilege caused a different error (to paraphrase, it stated that 'root' didn't have access to 'wikidb'), but when i reloaded the page i got a 'MediaWiki already exists checking if updates needed' output that completed the installation successfully. Hope this helps.
I got the email notification up above and eagerly tried to install the latest flavor again, but I got the same freakin' error again. I would pay someone at this point to help me getting this up and running. It's been over a month and a half and my users have lost faith in me. I'm still sold on Mediawiki, however it's looking slim so I might have to find something else that I can work with. HELP!!! bobcat@sleestak.net # Trying to connect to MySQL on localhost as root... * Connected as root (automatic) # Connected to 4.0.16-xxxxxxxxxxx; enabling MySQL 4 enhancements * Error selecting database xxxxxxxxxxxxx: 1044 Access denied for user: '@%' to database 'xxxxxxxxxxxxx'
I've encountered something that seems to be related to the issues described in the comments for this bug. I installed the latest version (1.5.4) for one of my users. I created his database beforehand, and provided the configuration page with the proper hostname, user, database, and password. I left the root password entry blank, since I already set that stuff up. It gave me a mysql connection error, saying it couldn't connect as root - even though it shouldn't have had to. Fine, being as how MediaWiki is such a well-known package, I felt reasonable comfortable giving it the root mysql password. I assumed it would discover that the database was already set up, and move on to creating the tables - which it did; however, it also added two new entries to the mysql.user table, for user "root" with hostnames "%" and "localhost.localdomain", and no privileges. This is a MAJOR, HUGE, GINORMOUS problem. Why did it do this? I'm beyond pissed about this. Fortunately I was still able to connect through localhost and fix what MediaWiki screwed up. Why is MediaWiki taking it upon itself to do ANYTHING to the root mysql user? Why does it error out when the root password is not supplied, when the configured database and mysql user ALREADY EXIST?
(In reply to comment #33) You're damn right MediaWiki shouldn't be doing that, but I don't think it is - I'm no expert with the innards of mySQL, but it sounds very much like something mySQL itself is doing. Regardless, this issue is now starting to affect a lot of users. I think I'll do a partial rewrite of the affected portion of the installer script.
Your MySQL is apparently misconfigured so that a root login with no password *SUCCEEDS*, but then can't do anything. You should see about fixing this -- it causes the installer's initial check to fail incorrectly. If you want the installer to connect as root with a password, so it can create the database and set up the db user for MediaWiki, then you should give it *just* the root password in the root password field. It sounds like you told the installer to create a mysql user "root" for MediaWiki to run under as well. You probably shouldn't do that; give it the account that you want to run MediaWiki under instead.
Is there any possible workaround just so I can get the thing up and running? or am I still S.O.L. as I have been since November?
Try bug 1044 comment 10.
(In reply to comment #37) > Try bug 1044 comment 10. I only see 1 comment there, are you sure that's the right one?
I meant bug 3914 comment 10. Sorry, I was reading the "error number" out of the bug summary, not the bug number.
This should now be fixed in CVS HEAD with the code I'm committing this second. The installer now: [a] attempts to connect first as the specified user [b] ...and then as root [c] ...and then cries Basically, an ugly hack in the middle is now a bit cleaner. I'll backport it to 1.5 branch as soon as I know it isn't going to interfere there.
is this CVS HEAD thing in the newest flavor of mediawiki? I'm still not getting it to install... it's been 20 months now thanks (i hope)
CVS HEAD is the latest code in CVS, which runs Wikimedia wikis. It's not used for the releases at the moment. I've since backported similar (though slightly different, due to the way MediaWiki 1.5 supports databases) changes to the installer in REL_1_5. This installer will work against existing versions of MediaWiki within the 1.5 branch, and will also be shipped with MediaWiki 1.5.6.
