Ticket #1504 (new enhancement)
Move creation of sql databases and users to daemon
|Reported by:||pgentoo||Owned by:|
|Priority:||major||Milestone:||ispCP ω 1.x.0|
|Component:||Backend (Engine)||Version:||ispCP ω 1.0.0 - RC6|
I'm working on migrating my system from a homebrew control panel that I built years ago, to ispcp. I'm working on scripts to go through my old database (similar layout and function to ispcp) and build insert scripts to run on ispcp to create all the users, domains, mailboxes, databases, etc... So I don't have to do this manually during my migration. :)
So far, importing my current users (ispcp.admin), domains, subdomains, and mailboxes has been easy because i can just insert into these tables with a "toadd" status and then run the request manager. This process however breaks down when trying to add mysql databases and users, since this is done by the GUI code and not by the daemon. Because of this, I'll have to write my insert script to add the values into the ispcp database, but then also do the creation of databases/users.
The problem here is two fold. One, it breaks the general architecture where the daemon is the one actually doing the work, also making it harder to do migrations from non-vhcs systems. And two, it makes the mysql user that the GUI runs under require full admin rights on mysql (root). I think anything outside of just writing/modifying entries in the ispcp database should be handled by the daemon. If this logic was moved to the daemon and processed like domains are, the mysql user ispcp GUI runs as could have much less privileges, and therefore be more secure in case of a sql injection attack or similar.
I realize this is a large change, but I'd like to see it make its way into ispcp. It would be great to have the daemon do all the work, and keep the GUI code as lightweight (and least privileged!) as possible.