On Thu, Aug 6, 2009 at 1:20 PM, Aryeh GregorSimetrical+wikilist@gmail.com wrote:
On Thu, Aug 6, 2009 at 1:05 PM, Chadinnocentkiller@gmail.com wrote:
HM is right on what these users are for. Some (not all) maintenance scripts require higher permissions than your normal $wgDBuser, so $wgDBadminuser is supposed to have those privileges.
$wgDBuser needs to have DELETE rights on pretty much all tables, so what's the security gain of bothering with a different user for ALTER TABLE/CREATE TABLE/etc.? $wgDBadminuser doesn't need to be able to create new databases or reconfigure replication or anything, right?
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Depends on which maintenance script you're talking about. Update.php certainly does, as does renameDbPrefix (just to grab one off the top of my head). The vast majority of scripts can function just fine with normal DB access. Some (mcc and digit2html, to name a few) don't need any DB access at all.
-Chad