From: Marjorie R. <mro...@ma...> - 2001-09-11 03:31:41
|
Hello, I spent a gazillion hours, as a frustrated sort-of newbie, unable to create the mysql database. Seems to me that the directions should add "CREATE" permissions along with the select, insert, update, and delete that are provided in the INSTALL.mysql. Am I right about that? Even when I tried to update my username with these permissions, my grant statement didn't work (for hours, and hours of trying every which possibility.) I think I might've gotten it, though I finally ended up with the lovely username "testnew." I have a lot of questions, etc, but this is just an ode to how hard it is not be an expert in something. Things that are completely trivial to an expert can take hours and hours, or days, or weeks, for a newbie... Ah well, we shall see. I do aim for a sense of mastery in linux, apache, mysql, and php, but only time will tell.... The neighbor says that everything2 is cooler than phpwiki, by the way. Any thoughts on that? This somehow seemed more manageable to me (notwithstanding the last 7 hours!). What is the real benefit of moving the phpwiki to mysql, anyhow? Will it be faster than the default DBM system? Best Regards, Margie-near-midnight, and smart enough to know that I should wait until a different day to try to actually upgrade my wiki, for fear of losing it all. Note: Steve, thanks VERY MUCH for your helpful reply before I found this listserv. |
From: Steve W. <sw...@pa...> - 2001-09-16 20:41:04
|
Hi Marjorie, sorry for the delay. I've been watching TV a lot lately and waiting to hear from friends, and I finally have and they are all OK. (I live in Manhattan). On Mon, 10 Sep 2001, Marjorie Roswell wrote: > Hello, > > I spent a gazillion hours, as a frustrated sort-of newbie, unable to > create the mysql database. > > Seems to me that the directions should add "CREATE" permissions along > with the select, insert, update, and delete that are provided in the > INSTALL.mysql. > > Am I right about that? You may be right... read on: > Even when I tried to update my username with these permissions, my > grant statement didn't work (for hours, and hours of trying every > which possibility.) I think I might've gotten it, though I finally > ended up with the lovely username "testnew." > > I have a lot of questions, etc, but this is just an ode to how hard it > is not be an expert in something. Things that are completely trivial > to an expert can take hours and hours, or days, or weeks, for a > newbie... I share your pain. Postgresql and Mysql are notoriously difficult to set up and administrate. And they both do it in totally different ways. I know once I have one or the other set up it's a long time before I have to do it again and by then I've forgotten, and it takes at least an evening to do it over. I hate it. > The neighbor says that everything2 is cooler than phpwiki, by the way. > Any thoughts on that? This somehow seemed more manageable to me > (notwithstanding the last 7 hours!). everything2, from my limited exposure to it, is very very different from a Wiki. I don't think you can edit the existing content, only add new ones (thus an append-only kind of information repostitory). However I almost guarantee you it runs on Mysql, which as we all know is the source of a lot of Slashdot's problems ;-) So is it better for you? Depends on what you are doing. > What is the real benefit of moving the phpwiki to mysql, anyhow? Will > it be faster than the default DBM system? To answer that might start a holy war ;-) But to be short and fair, there are advantages and disadvantages to all three types (you left out flat file, which you might want to try). RDBMS (mysql, pgsql etc): data integrity, data manipulation through a 4G language (SQL), a simple interface to access the database through (its API), portability, lots more. But it can be hard to set up and administrate. This forms a large barrier to entry for a lot of people. DBM (gdbm, ndbm, sdmb etc) are available on most Unix systems, Linux in particular, so it was a good choice for the default database. However in order to have the same set of features as we have for the Mysql version, we have to write a lot more code to manipulate the data. Flat file: This might be a better choice in the future for the default setup, since we can probably get away with creating a directory in /tmp. It will require even more coding than DBM though. Not a lot more maybe, but still more. I don't know how portable the code would be (did I just say that? I never used to care if it ran on Windows systems ;-) > Margie-near-midnight, and smart enough to know that I should wait > until a different day to try to actually upgrade my wiki, for fear of > losing it all. As always, backup, backup, backup. Don't upgrade your existing Wiki either; set up a whole new one, with Mysql, then port the content over via zip file. We'll tell you how to do that when you are ready. I think it's also documented in the config.php file. cheers ~swain --- http://www.panix.com/~swain/ "Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid." -- Frank Zappa http://pgp.document_type.org:11371/pks/lookup?op=get&search=0xF7323BAC |
From: Gary B. <ga...@in...> - 2001-09-16 22:59:17
|
On Sun, 16 Sep 2001, Steve Wainstead wrote: > On Mon, 10 Sep 2001, Marjorie Roswell wrote: > > > Seems to me that the directions should add "CREATE" permissions along > > with the select, insert, update, and delete that are provided in the > > INSTALL.mysql. > > > > Am I right about that? > > You may be right... read on: I meant to reply to this a while ago, but I too spent a lot of time watching TV and then got food poisoning and spent most of the weekend vomiting :-( I think that INSTALL.mysql should say "-uroot -p" instead of "-uuser -ppassword", since _all_ of the stuff mentioned in there should be done as the MySQL user. Okay, if someone has set up another user to have CREATE and GRANT permissions then they can use another user, but then anyone who has set that up should know how to do it anyway ;-) The session should look like: % mysqladmin -uroot -p create phpwiki Enter password: PrEtTySeKrEt % mysql -uroot -p Enter password: PrEtTySeKrEt Welcome to the MySQL monitor. Blah blah blah mysql> GRANT select, insert, update, delete -> ON phpwiki.* -> TO wikiuser@localhost -> IDENTIFIED BY 'password'; Query OK, 0 rows affected (0.85 sec) mysql> exit Bye % mysql -uroot -p phpwiki <schemas/schema.mysql Enter password: PrEtTySeKrEt % The database and all tables have now been created, so the wiki user does not need CREATE permission. It is therefore in the interest of security that the user does not have it, to protect from vulnerabilities which may be in PhpWiki. Cheers, Gary [ ga...@in... ][ GnuPG 85A8F78B ][ http://inauspicious.org/ ] |
From: Steve W. <sw...@pa...> - 2001-09-16 23:24:25
|
On Sun, 16 Sep 2001, Gary Benson wrote: > % mysql -uroot -p > Enter password: PrEtTySeKrEt > Welcome to the MySQL monitor. Blah blah blah > mysql> GRANT select, insert, update, delete > -> ON phpwiki.* > -> TO wikiuser@localhost > -> IDENTIFIED BY 'password'; > Query OK, 0 rows affected (0.85 sec) > mysql> exit > Bye > % mysql -uroot -p phpwiki <schemas/schema.mysql > Enter password: PrEtTySeKrEt > % > > The database and all tables have now been created, so the wiki user does > not need CREATE permission. It is therefore in the interest of security > that the user does not have it, to protect from vulnerabilities which may > be in PhpWiki. > I am told something about having to flush the tables too, for the permissions to take effect. Unfortunately I can't get at that comment right now... ~swain --- http://www.panix.com/~swain/ "Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid." -- Frank Zappa http://pgp.document_type.org:11371/pks/lookup?op=get&search=0xF7323BAC |
From: Jeb B. <je...@oc...> - 2001-09-17 07:00:56
|
On Sun, Sep 16, 2001 at 07:24:20PM -0400, Steve Wainstead wrote: > On Sun, 16 Sep 2001, Gary Benson wrote: > > > % mysql -uroot -p > > Enter password: PrEtTySeKrEt > > Welcome to the MySQL monitor. Blah blah blah > > mysql> GRANT select, insert, update, delete > > -> ON phpwiki.* > > -> TO wikiuser@localhost > > -> IDENTIFIED BY 'password'; > > Query OK, 0 rows affected (0.85 sec) > > mysql> exit > > Bye > > % mysql -uroot -p phpwiki <schemas/schema.mysql > > Enter password: PrEtTySeKrEt > > % > > > > The database and all tables have now been created, so the wiki user does > > not need CREATE permission. It is therefore in the interest of security > > that the user does not have it, to protect from vulnerabilities which may > > be in PhpWiki. > > > > I am told something about having to flush the tables too, for the > permissions to take effect. Unfortunately I can't get at that comment > right now... I just happened to read the manual on this. You don't need to flush the tables when using the GRANT command, since that takes care of it for you. You would need to if you inserted the row in the mysql.users directly, but that is only necessary in older versions of MySQL before GRANT was working. (I wouldn't bother documenting all that in PhpWiki though, since it's already covered elsewhere, and people running older versions of MySQL should probably know how to create a user anyway...) Peace, -jeb |