On Thu, Aug 6, 2009 at 1:30 PM, Chad<innocentkiller(a)gmail.com> wrote:
Depends on which maintenance script you're talking
certainly does, as does renameDbPrefix (just to grab one off the top of
update.php shouldn't need access other than to the wiki database,
should it? Giving the normal wiki MySQL user rights to ALTER TABLE,
etc. isn't a security risk. If we have a script to rename the DB
prefix or fiddle with replication or whatever, then yeah, that will
need root access (or at least significantly more access than the wiki
should have on a multi-user/multi-app setup). But the overwhelming
majority of admins won't need to use that. In that case, I think
AdminSettings.php is certainly a good idea, so it could be readable
only to root and not the web server. Maybe the logic for these few
maintenance scripts should go like
1) Check in LocalSettings.php for admin login. (This is a bad idea if
you have databases the web server isn't supposed to access! But
probably fine for typical sites with only databases accessible to the
web server anyway.)
2) Check in AdminSettings.php if that exists.
3) Try /root/.my.cnf or ~/.my.cnf, just in case that works, but don't
fail fatally if a login is given there but doesn't have the needed
4) Prompt the user for a login.
I don't think this needs too much effort invested in it, though, since
only very few admins should need to run scripts that need more than
normal DB access.