phpwiki-talk

[Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Marjorie R. <mro...@ma...>]

Hello,

I spent a gazillion hours, as a frustrated sort-of newbie, unable to create the mysql database. 

Seems to me that the directions should add "CREATE" permissions along with the select, insert, update, and delete that are provided in the INSTALL.mysql.

Am I right about that?

Even when I tried to update my username with these permissions, my grant statement didn't work (for hours, and hours of trying every which possibility.) I think I might've gotten it, though I finally ended up with the lovely username "testnew."

I have a lot of questions, etc, but this is just an ode to how hard it is not be an expert in something. Things that are completely trivial to an expert can take hours and hours, or days, or weeks, for a newbie...

Ah well, we shall see. I do aim for a sense of mastery in linux, apache, mysql, and php, but only time will tell....

The neighbor says that everything2 is cooler than phpwiki, by the way. Any thoughts on that? This somehow seemed more manageable to me (notwithstanding the last 7 hours!).

What is the real benefit of moving the phpwiki to mysql, anyhow? Will it be faster than the default DBM system? 

Best Regards,

Margie-near-midnight, and smart enough to know that I should wait until a different day to try to actually upgrade my wiki, for fear of losing it all. 

Note: Steve, thanks VERY MUCH for your helpful reply before I found this listserv. 

Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Steve W. <sw...@pa...>]

Hi Marjorie, sorry for the delay. I've been watching TV a lot lately and
waiting to hear from friends, and I finally have and they are all OK. (I
live in Manhattan).

On Mon, 10 Sep 2001, Marjorie Roswell wrote:

> Hello,
>
> I spent a gazillion hours, as a frustrated sort-of newbie, unable to
> create the mysql database.
>
> Seems to me that the directions should add "CREATE" permissions along
> with the select, insert, update, and delete that are provided in the
> INSTALL.mysql.
>
> Am I right about that?

You may be right... read on:

> Even when I tried to update my username with these permissions, my
> grant statement didn't work (for hours, and hours of trying every
> which possibility.) I think I might've gotten it, though I finally
> ended up with the lovely username "testnew."
>
> I have a lot of questions, etc, but this is just an ode to how hard it
> is not be an expert in something. Things that are completely trivial
> to an expert can take hours and hours, or days, or weeks, for a
> newbie...

I share your pain. Postgresql and Mysql are notoriously difficult to set
up and administrate. And they both do it in totally different ways. I know
once I have one or the other set up it's a long time before I have to do
it again and by then I've forgotten, and it takes at least an evening to
do it over. I hate it.


> The neighbor says that everything2 is cooler than phpwiki, by the way.
> Any thoughts on that? This somehow seemed more manageable to me
> (notwithstanding the last 7 hours!).

everything2, from my limited exposure to it, is very very different from a
Wiki. I don't think you can edit the existing content, only add new ones
(thus an append-only kind of information repostitory). However I almost
guarantee you it runs on Mysql, which as we all know is the source of a
lot of Slashdot's problems ;-)

So is it better for you? Depends on what you are doing.


> What is the real benefit of moving the phpwiki to mysql, anyhow? Will
> it be faster than the default DBM system?

To answer that might start a holy war ;-)

But to be short and fair, there are advantages and disadvantages to all
three types (you left out flat file, which you might want to try).

RDBMS (mysql, pgsql etc): data integrity, data manipulation through a 4G
language (SQL), a simple interface to access the database through (its
API), portability, lots more. But it can be hard to set up and
administrate. This forms a large barrier to entry for a lot of people.

DBM (gdbm, ndbm, sdmb etc) are available on most Unix systems, Linux in
particular, so it was a good choice for the default database. However in
order to have the same set of features as we have for the Mysql version,
we have to write a lot more code to manipulate the data.

Flat file: This might be a better choice in the future for the default
setup, since we can probably get away with creating a directory in /tmp.
It will require even more coding than DBM though. Not a lot more maybe,
but still more. I don't know how portable the code would be (did I just
say that? I never used to care if it ran on Windows systems ;-)


> Margie-near-midnight, and smart enough to know that I should wait
> until a different day to try to actually upgrade my wiki, for fear of
> losing it all.

As always, backup, backup, backup. Don't upgrade your existing Wiki
either; set up a whole new one, with Mysql, then port the content over via
zip file. We'll tell you how to do that when you are ready. I think it's
also documented in the config.php file.

cheers
~swain

---
                  http://www.panix.com/~swain/
"Without music to decorate it, time is just a bunch of boring
production deadlines or dates by which bills must be paid."
                     -- Frank Zappa
http://pgp.document_type.org:11371/pks/lookup?op=get&search=0xF7323BAC

Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Gary B. <ga...@in...>]

On Sun, 16 Sep 2001, Steve Wainstead wrote:

> On Mon, 10 Sep 2001, Marjorie Roswell wrote:
>
> > Seems to me that the directions should add "CREATE" permissions along
> > with the select, insert, update, and delete that are provided in the
> > INSTALL.mysql.
> >
> > Am I right about that?
>
> You may be right... read on:

I meant to reply to this a while ago, but I too spent a lot of time
watching TV and then got food poisoning and spent most of the weekend
vomiting :-(

I think that INSTALL.mysql should say "-uroot -p" instead of "-uuser
-ppassword", since _all_ of the stuff mentioned in there should be done as
the MySQL user. Okay, if someone has set up another user to have CREATE
and GRANT permissions then they can use another user, but then anyone
who has set that up should know how to do it anyway ;-)

The session should look like:

% mysqladmin -uroot -p create phpwiki
Enter password: PrEtTySeKrEt
% mysql -uroot -p
Enter password: PrEtTySeKrEt
Welcome to the MySQL monitor.  Blah blah blah
mysql> GRANT select, insert, update, delete
    -> ON phpwiki.*
    -> TO wikiuser@localhost
    -> IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.85 sec)
mysql> exit
Bye
% mysql -uroot -p phpwiki <schemas/schema.mysql
Enter password: PrEtTySeKrEt
%

The database and all tables have now been created, so the wiki user does
not need CREATE permission. It is therefore in the interest of security
that the user does not have it, to protect from vulnerabilities which may
be in PhpWiki.

Cheers,
Gary

[ ga...@in... ][ GnuPG 85A8F78B ][ http://inauspicious.org/ ]

Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Steve W. <sw...@pa...>]

On Sun, 16 Sep 2001, Gary Benson wrote:

> % mysql -uroot -p
> Enter password: PrEtTySeKrEt
> Welcome to the MySQL monitor.  Blah blah blah
> mysql> GRANT select, insert, update, delete
>     -> ON phpwiki.*
>     -> TO wikiuser@localhost
>     -> IDENTIFIED BY 'password';
> Query OK, 0 rows affected (0.85 sec)
> mysql> exit
> Bye
> % mysql -uroot -p phpwiki <schemas/schema.mysql
> Enter password: PrEtTySeKrEt
> %
>
> The database and all tables have now been created, so the wiki user does
> not need CREATE permission. It is therefore in the interest of security
> that the user does not have it, to protect from vulnerabilities which may
> be in PhpWiki.
>

I am told something about having to flush the tables too, for the
permissions to take effect. Unfortunately I can't get at that comment
right now...

~swain


---
                  http://www.panix.com/~swain/
"Without music to decorate it, time is just a bunch of boring
production deadlines or dates by which bills must be paid."
                     -- Frank Zappa
http://pgp.document_type.org:11371/pks/lookup?op=get&search=0xF7323BAC

Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Jeb B. <je...@oc...>]

On Sun, Sep 16, 2001 at 07:24:20PM -0400, Steve Wainstead wrote:
> On Sun, 16 Sep 2001, Gary Benson wrote:
> 
> > % mysql -uroot -p
> > Enter password: PrEtTySeKrEt
> > Welcome to the MySQL monitor.  Blah blah blah
> > mysql> GRANT select, insert, update, delete
> >     -> ON phpwiki.*
> >     -> TO wikiuser@localhost
> >     -> IDENTIFIED BY 'password';
> > Query OK, 0 rows affected (0.85 sec)
> > mysql> exit
> > Bye
> > % mysql -uroot -p phpwiki <schemas/schema.mysql
> > Enter password: PrEtTySeKrEt
> > %
> >
> > The database and all tables have now been created, so the wiki user does
> > not need CREATE permission. It is therefore in the interest of security
> > that the user does not have it, to protect from vulnerabilities which may
> > be in PhpWiki.
> >
> 
> I am told something about having to flush the tables too, for the
> permissions to take effect. Unfortunately I can't get at that comment
> right now...

I just happened to read the manual on this.  You don't need to flush
the tables when using the GRANT command, since that takes care of it
for you.  You would need to if you inserted the row in the mysql.users
directly, but that is only necessary in older versions of MySQL before
GRANT was working.  (I wouldn't bother documenting all that in PhpWiki
though, since it's already covered elsewhere, and people running older
versions of MySQL should probably know how to create a user anyway...)

Peace,
-jeb