Greetings Virtualmin team,
Currently, when we create a sub-server, Virtualmin does not create a MySQL user for the sub-server, and if we need to segregate access to a database we have to create a user via Webmin > Servers > MySQL Database Server, directly in MySQL via the command line, or via other administration software, and then grant the sub-server exclusive user access on a per-sub-server basis. I believe it would be an important feature, for security and to make database management easier, for Virtualmin to create that user itself, or to have the option to create one or more MySQL-only users for the extra databases of a domain or of the sub-servers of a domain.
Submitted by JamieCameron on Sun, 06/27/2021 - 13:05 Comment #1
This is by design, as in Virtualmin only top-level servers get a user (for SSH, FTP, MySQL and Virtualmin itself).
You can create an extra user with full access to selected MySQL databases though.
I understand that this is Virtualmin's default behavior, but for reasons of security and convenience for customers, I think it would be an important improvement for you to consider. When a user is created directly in the database, for example, even through Webmin, this additional user is not migrated, and I believe that it should, or at least could, be managed by Virtualmin. Another reason for more users is that if an application's database password is exposed, all of a client's applications need a password reset, and the potential attacker has access to all data in all of the customer's databases. I understand that this type of control and responsibility belongs to the customer, but if Virtualmin can help the customer with this control and management, it would be a good thing.
Considering your case, for security reasons and access segregation it would be better to create a sub-domain as top-level server.
Only root can do that, Ilia; clients need to create other accounts to do that. Then, imagine managing that when the client has ten domains...
Submitted by JamieCameron on Fri, 07/02/2021 - 23:21 Comment #5
Not sure if I explained this clearly in my comment above, but after creating a sub-server with a database, you can go to the Edit Users page, create a new user, and under "Other user permissions" give him access to the database.
The option to create another user for the domain creates an email@example.com user with access to email and maybe FTP, access that is not necessary and can create more security problems than just another MySQL/MariaDB user with access to nothing but a database would. And setting up a user with a name like firstname.lastname@example.org can be problematic in some applications too.
I opened this ticket to propose a suggestion that I believe is valid and useful from a security point of view. Creating a user for each customer database prevents an application from accessing data from another, prevents an attacker who discovers the password of one application from breaking into another, and, in the case of customers with more than one development team (with multiple projects, for example), avoids the risk of problems between teams that can be caused if an ill-intentioned collaborator manipulates someone else's work (this is an extreme case, it's true, but unfortunately we're not free of it in this world).
Submitted by JamieCameron on Sat, 07/03/2021 - 18:13 Comment #7
We can look into making creation of this extra user an automatic part of the process of creating a new sub-domain or MySQL database.
However, you can already create an extra user without email or FTP access enabled, and with access to only a single MySQL database. This would be effectively the same as the extra login Virtualmin would create.
Right now, when we create a user in MySQL (using Webmin), that user is not migrated when I move the virtual server to another Virtualmin installation, so the user has to be created manually again.
Recently I migrated the Virtualmin server to another installation. There were some clients for whom I had created the database user in the old installation, and the client had configured the application to use that user; when they were migrated, the applications did not start automatically because that type of user was not migrated.
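As an added illustration of the per-database user the thread is asking for (this is not Virtualmin's code; the `appdb` schema, the `appdb_user` account and the password are placeholders), the following MySQL/MariaDB statements create an account that can reach one database only, and then run the checks that confirm nothing wider was granted. The `SHOW GRANTS` output at the end is also the piece that has to travel with a virtual server during a migration, which is the gap described above.

```sql
-- Added example, not part of the Virtualmin project. Placeholder names throughout.
CREATE DATABASE IF NOT EXISTS appdb;

-- A login restricted to local connections; it receives privileges on this one schema only.
CREATE USER IF NOT EXISTS 'appdb_user'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- Application-level privileges on appdb.* only; no global (*.*) grants, no GRANT OPTION,
-- no SUPER/FILE/PROCESS, so a leaked password exposes this schema and nothing else.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
      CREATE TEMPORARY TABLES, LOCK TABLES
  ON appdb.* TO 'appdb_user'@'localhost';

-- Check 1: the only row in mysql.db for this account must be appdb.
SELECT Host, Db, User
  FROM mysql.db
 WHERE User = 'appdb_user' AND Host = 'localhost';

-- Check 2: no global privileges slipped in (every *_priv column should read 'N').
SELECT User, Host, Select_priv, Insert_priv, Super_priv, File_priv, Grant_priv
  FROM mysql.user
 WHERE User = 'appdb_user' AND Host = 'localhost';

-- Check 3: the grant list should show USAGE ON *.* plus the appdb.* grant and nothing more.
-- Save this output; replaying it on the target host recreates the account during a migration.
SHOW GRANTS FOR 'appdb_user'@'localhost';
```

On MySQL 8 the `SHOW GRANTS` statement no longer includes the password hash, so the migration script also has to carry a `CREATE USER` statement for the account (or reset the password on the target); on MariaDB and MySQL 5.7 the same three checks apply unchanged.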
Submitted by JamieCameron on Tue, 07/06/2021 - 14:25 Comment #9
That's somewhat expected, as Virtualmin doesn't know about users not created in its part of the UI. That's why I'd recommend creating extra users on the Edit Users page.
And, as I said before, creating an extra user in the way you suggested creates a user with email, in the format email@example.com, and not a user in the format clienteadmin_usuario, which makes it difficult to use in applications; there is a size limit on usernames in MySQL, etc. Anyway, this is not what I'm suggesting as a new feature, and the current forms do not suit me or clients who have several collaborators working. If you're not going to do it, OK, I'll create them manually like I did before, and when I'm migrating servers I'll add copying the handmade user to my script of things to do, something that would be much better if Virtualmin did it for me.
Submitted by JamieCameron on Sat, 07/10/2021 - 16:52 Comment #11
Ok, so would it meet your requirements if the extra MySQL users just had short usernames?