It's a new error, in the previous releases it was ok. i don't know when it born, but just notice now.
We use "domain.tld.username" usernameing on the servers. (i know it cause some problems with the 16 character mysql username limits but usually ok, and it's an other issue) so :
Create a subserver: (In Parent servers the webmin admin will be the sqladmin too - mysql chunk problem - so we only notice it only in subservers with long domain names.) exampleexample.com
create a web ftp user example: exampleexample.com.ftp
create an sql user example: exampleexample.com.sql (grant sql acc here for a normal user)
and after this the virtualmin show (Edit Mail and FTP Users): exampleexample.com.ftp - has Database acc exampleexample.com.sql - has no Database acc
"Other user permissions" show the same.
But you can reach the sql with the exampleexample.com.sql user password. (i know the server chunk the username....)
so the main problem is: If the customer change the ftp pass then the mysql pass will change too, and the customer website stop.
i hope it's clear. if not please notice.
Comments
Submitted by JamieCameron on Fri, 08/14/2009 - 12:53 Comment #1
I think the issue here is that both exampleexample.com.ftp and exampleexample.com.sql are longer than 16 characters, so their MySQL usernames will be the same. This is pretty hard for Virtualmin to deal with properly, as it has no way of knowing which user a particular MySQL login is associated with.
One fix is to switch to a username format that does not generate these kinds of clashes. If your usernames were like ftp.exampleexample.com and sql.exampleexample.com , this clash couldn't happen.
This can be configured at System Settings -> Server Templates -> Default Settings -> Mail for domain -> Format for usernames that include domain.
Does that help?
Submitted by smartvirtualmin on Fri, 08/14/2009 - 13:00 Comment #2
The problem is nobody ever grant sql acces to the user "ftp".
I understood the bug now i think. The virtualmin do not store the privileges just query that from the sql server? And because of the chunking the virtualmin can't detect the exact user, and show the first user which match? is that a right idea?
But in the older virtualmin versions it was not a problem, as i know.
other thing: yup i know that solution. but we do not want change the nameing because if i change the nameing there, what will happen with the old users? nothing, as i hope so?
Submitted by JamieCameron on Fri, 08/14/2009 - 13:45 Comment #3
This has been the behaviour of Virtualmin pretty much from the start .. it doesn't store the MySQL username, just queries the database.
Changing the naming is safe, as it won't effect existing users at all.
Submitted by smartvirtualmin on Tue, 08/25/2009 - 10:29 Comment #4
this new feature which show the myslq username if it chunked is very good. thanks a lot: "(MySQL login xxxxxxxxxxxxxxxxxxxx)"
and we change the username format to username_domain i think it's solve the issue.
i think it's open a very lightweight security issue about if customers use too long same usernames they can acces to eachother databases but i think it's not a real thread.
thanks the support
Submitted by JamieCameron on Tue, 08/25/2009 - 11:38 Comment #5
I just wish MySQL supported longer usernames, which would avoid this whole issue .. but for now, switching the prefix order for usernames in Virtualmin is the recommended solution.
Submitted by Issues on Tue, 09/08/2009 - 12:18 Comment #6
Automatically closed -- issue fixed for 2 weeks with no activity.