(10-20-2008 05:41 PM)joximu Wrote: die "Variablen" in den {...} sollten durch das setup-programm durch Werte ersetzt werden...
es reicht also
SQLMinUserUID 2000
aber die Zeile SQLConnectInfo {DATABASE_NAME}@{DATABASE_HOST} {DATABASE_USER} {DATABASE_PASS} wir wohl immernoch nicht klappen...
War das ein manuelles update?
/J
Das Setup- Programm hatte die Variablen nicht eingefügt. Das hab ich inzwischen von Hand gemacht. Proftpd start und restart läuft wieder.
Das auslösende Problem scheint ein anderes zu sein:
`/tmp/ispcp/var/www/ispcp/gui/client/sql_manage.php' -> `/var/www/ispcp/gui/client/sql_manage.php'
`/tmp/ispcp/var/www/ispcp/gui/client/subdomain_delete.php' -> `/var/www/ispcp/gui/client/subdomain_delete.php'
`/tmp/ispcp/var/www/ispcp/gui/index.php' -> `/var/www/ispcp/gui/index.php'
www:/var/lib/vz/private/102/usr/local/src/ispcp/ispcp-omega-1.0.0# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Das ist der Output, wenn ich es als User "master" und mit su ausführe
Weiter:
Cleaning up...
www:/var/lib/vz/private/102/usr/local/src/ispcp/ispcp-omega-1.0.0# cd
www:~# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
www:~#
Auch als "master"
Als "root"
www:~# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
www:~# apt-get install mysql-server mysql-client libmysqlclient15-dev
Reading package lists... Done
Building dependency tree... Done
mysql-server is already the newest version.
mysql-client is already the newest version.
libmysqlclient15-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
www:~# mysqladmin -u root -p
mysqladmin Ver 8.41 Distrib 5.0.32, for pc-linux-gnu on x86_64
Copyright © 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
Administration program for the mysqld daemon.
Usage: mysqladmin [OPTIONS] command command....
-c, --count=# Number of iterations to make. This works with -i
(--sleep) only.
-#, --debug[=name] Output debug log. Often this is 'd:t:o,filename'.
-f, --force Don't ask for confirmation on drop database; with
multiple commands, continue even if an error occurs.
-C, --compress Use compression in server/client protocol.
--character-sets-dir=name
Directory where character sets are.
--default-character-set=name
Set the default character set.
-?, --help Display this help and exit.
-h, --host=name Connect to host.
-p, --password[=name]
Password to use when connecting to server. If password is
not given it's asked from the tty. WARNING: Providing a
password on command line is insecure as it is visible
through /proc to anyone for a short time.
-P, --port=# Port number to use for connection.
--protocol=name The protocol of connection (tcp,socket,pipe,memory).
-r, --relative Show difference between current and previous values when
used with -i. Currently works only with extended-status.
-O, --set-variable=name
Change the value of a variable. Please note that this
option is deprecated; you can set variables directly with
--variable-name=value.
-s, --silent Silently exit if one can't connect to server.
-S, --socket=name Socket file to use for connection.
-i, --sleep=# Execute commands again and again with a sleep between.
--ssl Enable SSL for connection (automatically enabled with
other flags). Disable with --skip-ssl.
--ssl-ca=name CA file in PEM format (check OpenSSL docs, implies
--ssl).
--ssl-capath=name CA directory (check OpenSSL docs, implies --ssl).
--ssl-cert=name X509 cert in PEM format (implies --ssl).
--ssl-cipher=name SSL cipher to use (implies --ssl).
--ssl-key=name X509 key in PEM format (implies --ssl).
--ssl-verify-server-cert
Verify server's "Common Name" in its cert against
hostname used when connecting. This option is disabled by
default.
-u, --user=name User for login if not current user.
-v, --verbose Write more information.
-V, --version Output version information and exit.
-E, --vertical Print output vertically. Is similar to --relative, but
prints output vertically.
-w, --wait[=#] Wait and retry if connection is down.
--connect_timeout=#
--shutdown_timeout=#
Variables (--variable-name=value)
and boolean options {FALSE|TRUE} Value (after reading options)
--------------------------------- -----------------------------
count 0
force FALSE
compress FALSE
character-sets-dir (No default value)
default-character-set (No default value)
host (No default value)
port 3306
relative FALSE
socket /var/run/mysqld/mysqld.sock
sleep 0
ssl FALSE
ssl-ca (No default value)
ssl-capath (No default value)
ssl-cert (No default value)
ssl-cipher (No default value)
ssl-key (No default value)
ssl-verify-server-cert FALSE
user root
verbose FALSE
vertical FALSE
connect_timeout 43200
shutdown_timeout 3600
Default options are read from the following files in the given order:
/etc/mysql/my.cnf ~/.my.cnf /usr/etc/my.cnf
The following groups are read: mysqladmin client
The following options may be given as the first argument:
--print-defaults Print the program argument list and exit
--no-defaults Don't read default options from any options file
--defaults-file=# Only read default options from the given file #
--defaults-extra-file=# Read this file after the global files are read
Where command is a one or more of: (Commands may be shortened)
create databasename Create a new database
debug Instruct server to write debug information to log
drop databasename Delete a database and all its tables
extended-status Gives an extended status message from the server
flush-hosts Flush all cached hosts
flush-logs Flush all logs
flush-status Clear status variables
flush-tables Flush all tables
flush-threads Flush the thread cache
flush-privileges Reload grant tables (same as reload)
kill id,id,... Kill mysql threads
password new-password Change old password to new-password, MySQL 4.1 hashing.
old-password new-password Change old password to new-password in old format.
ping Check if mysqld is alive
processlist Show list of active threads in server
reload Reload grant tables
refresh Flush all tables and close and open logfiles
shutdown Take server down
status Gives a short status message from the server
start-slave Start slave
stop-slave Stop slave
variables Prints variables available
version Get version info from server
www:
Der Server ist gechrooted.
Hier ein Auszug aus /etc/securizy/access.conf
##############################################################################
#
# Disallow non-root logins on tty1
#
#-:ALL EXCEPT root:tty1
#
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:LOCAL
#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.
#
Ich blicke hier nicht mehr durch.
Bin für jede Hilfe dankbar.
Ralph
Mir kommt eben die Idee:
Würde es funktionieren, wenn ich die Variablen in de Klammern von Hand eintrage?
SQLConnectInfo {DATABASE_NAME}@{DATABASE_HOST} {DATABASE_USER} {DATABASE_PASS}
Wenn das nicht gegt, könnte ich
"SQLAuthenticate on" für die Dauer des Setups einfach auf "off" setzen