I believe this are 2 bugs in fact:
1. Installer scripts (Joomla one for sure, maybe it's general to all of them, wish the fix could be general) are using the account owner password instead of the database password to access database for creating database and tables.
2. but once scripts are installed, if database password gets changed, the scripts stop working as the configuration.php files are not updated.
Thus we have a problem in setting it up to avoid errors: either we:
a. set database password to follow admin password, but:
- user kills his sites instantly when changing admin password
or
b. we set database password to not follow admin password, but then:
- user can't install scripts, it fails with error 1311 like this:
Database connection failed : DBI connect failed : Access denied for user 'ronald'@'localhost' (using password: YES) 1311.
So we can't accomodate that user can create new scripts, and not break existing sites.
PROPOSED FIXES:
A) installer scripts should use the database password and not user's.
B) installer scripts should update scripts settings which are under their control if user changes database password directly (or indirectly with his user account password changed, and database setting set to follow it).
C) have a separate dedicated 2nd+ database access username/password for each script, authorizing to access only databases created for it. This would be best security-wise, actually as a vulnerable script might not necessarily give access to all of user's database.
Fix C) would solve issues 1. and 2. without needing the fix "B)" which might be tricky.
So fixes A) and C) are really welcome, but if C) isn't feasible, then B) could be welcome.
Comments
Submitted by beat on Tue, 01/05/2010 - 12:07 Comment #6
This is bugging us once every few weeks...still.
1) user signs up, virtualmin virtual server gets created and joomla gets installed
2) user changes his password
3) user tries installing e.g. joomla in a subfolder and it fails.
Thanks to our setting, joomla of top folder contniues to work, but it's annoying that user can't install any database-package.
Can this please be fixed ? Many thanks in advance, Beat
Submitted by JamieCameron on Tue, 01/05/2010 - 12:49 Comment #7
This should already work - when Joomla is installed, it should use the current DB password to connect to the DB, even if that is different from the domain's FTP/SSH/Virtualmin login.
Or was the DB password changed after Joomla was installed?
Submitted by beat on Tue, 01/05/2010 - 13:14 Comment #8
in step 2) between the 2 joomla installs. Then 2nd install fails.
We set database password to not follow webmin user password when webmin password is changed.
That happened last time 2 days back with latest VirtualminPro at that time.
Submitted by JamieCameron on Tue, 01/05/2010 - 14:36 Comment #9
Ok .. so exactly how did you change the DB password? The correct place is at Edit Databases -> Passwords. Changing it elsewhere may cause this kind of problem ..
Submitted by beat on Thu, 07/22/2010 - 18:45 Comment #10
I made a new, much clearer bug report for this same issue here: https://www.virtualmin.com/node/15060
So I guess this old and unclear one can be closed same time than bug fix for new bug report.
Submitted by andreychek on Thu, 07/22/2010 - 23:15 Comment #11
Closing this task by request, as there's a new task for this issue.