mirror of https://github.com/haiwen/seafile-server.git synced 2025-09-05 01:11:05 +00:00

Fix setup-seafile-mysql script on ubuntu 16.04 with mariadb.

* For MariaDB on Ubuntu 16.04, the mysql root user can only be
  accessed from localhost via the unix socket. So we retry with
  localhost when failing with 127.0.0.1.

* Also we add a restriction to disallow using the mysql "root" user in
  ccnet/seafile/seahub configuration. It provides both security
  hardening, and also fixes the mariadb problem mentioned above.
Shuai Lin
2016-09-17 11:58:41 +08:00
parent a57fa10728
commit 8fdb64f640


@@ -470,9 +470,9 @@ Please choose a way to initialize seafile databases:
print 'done' print 'done'
def check_mysql_user(self, user, password): def check_mysql_user(self, user, password, host=None):
print '\nverifying password of user %s ... ' % user, print '\nverifying password of user %s ... ' % user,
kwargs = dict(host=self.mysql_host, kwargs = dict(host=host or self.mysql_host,
port=self.mysql_port, port=self.mysql_port,
user=user, user=user,
passwd=password) passwd=password)
@@ -555,7 +555,16 @@ class NewDBConfigurator(AbstractDBConfigurator):
self.create_databases() self.create_databases()
def validate_root_passwd(self, password): def validate_root_passwd(self, password):
self.root_conn = self.check_mysql_user('root', password) try:
self.root_conn = self.check_mysql_user('root', password)
except InvalidAnswer:
# For MariaDB on Ubuntu 16.04, the msyql root user can only be
# accessed from localhost with unix socket. So we retry with
# localhost when failing with 127.0.0.1.
if self.mysql_host == '127.0.0.1':
self.root_conn = self.check_mysql_user('root', password, host='localhost')
else:
raise
return password return password
def ask_root_password(self): def ask_root_password(self):
@@ -589,7 +598,9 @@ class NewDBConfigurator(AbstractDBConfigurator):
def ask_seafile_mysql_user_password(self): def ask_seafile_mysql_user_password(self):
def validate(user): def validate(user):
if user == 'root': if user == 'root':
self.seafile_mysql_password = self.root_password raise InvalidAnswer(
'Using mysql "root" user is not allowed for security reasons. Please specify a different database user.'
)
else: else:
question = 'Enter the password for mysql user "%s":' % Utils.highlight(user) question = 'Enter the password for mysql user "%s":' % Utils.highlight(user)
key = 'password for %s' % user key = 'password for %s' % user
@@ -604,7 +615,7 @@ class NewDBConfigurator(AbstractDBConfigurator):
question = 'Enter the name for mysql user of seafile. It would be created if not exists.' question = 'Enter the name for mysql user of seafile. It would be created if not exists.'
key = 'mysql user for seafile' key = 'mysql user for seafile'
default = 'root' default = 'seafile'
self.seafile_mysql_user = Utils.ask_question(question, self.seafile_mysql_user = Utils.ask_question(question,
key=key, key=key,
default=default, default=default,
@@ -709,6 +720,10 @@ class ExistingDBConfigurator(AbstractDBConfigurator):
def ask_existing_mysql_user_password(self): def ask_existing_mysql_user_password(self):
def validate(user): def validate(user):
if user == 'root':
raise InvalidAnswer(
'Using root is not allowed for security reasons. Please specify a different database user.'
)
question = 'What is the password for mysql user "%s"?' % Utils.highlight(user) question = 'What is the password for mysql user "%s"?' % Utils.highlight(user)
key = 'password for %s' % user key = 'password for %s' % user
password = Utils.ask_question(question, key=key, password=True) password = Utils.ask_question(question, key=key, password=True)
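Review bot: The new root restriction in both `validate` closures (in ask_seafile_mysql_user_password and ask_existing_mysql_user_password) is an exact comparison `user == 'root'`, so it rejects only that literal name and does not look at what the entered account is allowed to do; in the existing-database path in particular, any other account with global privileges would presumably still be accepted. A short comment above each check would make that limit explicit, for example `# Name check only; the account's privileges are not verified here.` The two rejection messages also differ ('Using mysql "root" user ...' versus 'Using root ...'), and using the same wording in both would keep the prompts consistent. Both `validate` bodies continue outside the hunks shown.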