Virtualmin user cannot create databases?

6 posts / 0 new
Last post
#1 Sat, 07/18/2009 - 12:12

Virtualmin user cannot create databases?

Hey all! When I log into the admin account over the whole server and I select a domain on the left, one of the top options is Edit Databases.

Now when the VirtualHost user logs in to administer his domain, there is no Edit Databases option.

What option have I missed to allow the administrator for any virtual domain to be able to create their own databases? Ive checked System Settings->Server Templates->Custom->MySql Database and I don't see anything that needs to be enabled there.

Here is the specifics that I am looking to create:

  • Create VirtualHost, no default databases need to be created. I think I can accomplish this in the MySql Database settings bt setting "Create database as well as login?" to No.

  • Force all databases created by the admin to have his username prefixed. I think I can accomplish this with "Prefix for additional databases" to option Template with "${USER}_". Example user Bob's database would look like bob_database.

  • Allow vhost user to create new databases. Unsure how to enable this.

  • Allow vhost user to set the username and password on the newly created database. Unsure how to do this. The reasoning for this is, if the user creates a database for a forum, a gallery, and a blog, for good security you would want all of these to have separate username/passwords in case one was to become compromised.

Thanks for any help getting this set up!

Sat, 07/18/2009 - 15:38

So far I've solved several of my problems. I have it not creating a database by default, virtualserver user can create new databases, and the prefix is USER_.

The only thing left is to be able to attach an additional login/password to each database. I'll keep digging but haven't see a way to do this yet.

Sun, 07/19/2009 - 02:39
ronald's picture

Under edit databases there is a tab on the right where the user can change its password and another tab to change the username.

Sun, 07/19/2009 - 11:19

That still keeps one username/password for every single database.

Scenario: Virtual user has one site with a phpbb database (forum) a wordpress database (blog) and a gallery database. Someone hacks the users gallery and somehow procures his mysql credentials. He now has access across the board to all of this Virtual users databases! Oh no!

The better way is to have one master account, which Virtualmin has, but don't use this in your configuration files for any applications. Instead create a new mysql user for each database which will keep things much more secure. You do this like GRANT ALL ON database.* TO new_user@localhost IDENTIFIED BY "password".

You can also use different access levels besides all. The pay virtualhost packages like your Cpanel and Plesk all have this right there where you create the databases. I am now looking at adding this functionality myself to Virtualmin. However, it has been quite some time since I did any CGI development :-)

Sun, 07/19/2009 - 23:52 (Reply to #4)
Joe's picture

In your scenario, the hacker already would have access to everything they need to know all of your database passwords. If he hacks any one application, he will already have access to the filesystem with that users permissions, meaning he can look at all configuration files and scripts. The only way to actually get the segmentation you're after would be to have multiple user accounts.

I guess there are other ways for the database password to be exposed, without an exploit that permits file level access...but in such a case, the user wouldn't have a good way to access MySQL, anyway. It should only be listening on localhost, or if on a remote system accepting connections from the host where the apps run.

I'm not sure the added complexity for the end user is necessarily well-rewarded here with additional security. Am I missing an aspect of this concern?


Check out the forum guidelines!

Tue, 07/21/2009 - 09:26

No I don't think your missing any aspects and I'm probably just over paranoid. The scenario where the attacker gained the mysql credentials without accessing the filesystem was the scenario I had in mind. For the immediate moment I have just stuck with the one user/pass for all and can can manually add grants to the databases if I decided too.

I started in a little bit on adding the functionality myself, but it is a slow go with the cgi scripting. It also may not be worth the effort like you said.

Thanks for responding!

Topic locked