Virtualmin create-user with --mysql option granting access to all databases in domain

OS type and version Debian 12
Virtualmin version 7.8.2

Hello, i’m facing a problem with the use of the create-user CLI command, specifically, when using the --mysql option, the documentation states that --mysql should be followed by the name of the database you want the user to have access to.
The problem for me is that the command doesn’t seem to assign the permissions correctly. specifically when using the option, regardless of the database name you give it, the user will be granted permissions to all the databases in the domain.

I tried making a test domain and this seems replicable:

i first created a test virtual server, and made 3 databases associated to it

i then tried creating a “control” user without using the --mysql option, just to see if the problem was some default template thing

# virtualmin create-user --domain test.test --user usernodb --pass test
User usernodb@test.test created successfully

this works as intended, giving the user no access on any of the databases.

i then created a new user trying to give permissions to the testdb2 database

# virtualmin create-user --domain test.test --user userdb --pass test --mysql testdb2
User userdb@test.test created successfully

this granted access to all databases in the virtual server, not just the one specified.

i’m positive this could be a bug, but i’m open to solutions if this is an error on my end

I discovered this while trying to automate the migration of a virtual server with a whole bunch of databases and user, trying to give one database per user and discovering the mess that was left afterwards

@Jamie, I think it’s the bug. I see it too.

well it’s always a fun day when i find a bug in a big project. i tried looking at the code responsible for this but it’s the very first time i’ve looked at Perl and boy i wish i hadn’t, looks like hieroglyphs to me

While we wait for someone with experience with the codebase to help, is there some way i can script something like this at the moment? for example is there a CLI way i can add permissions for a single
database to an already existing user?

Edit: stupid question, modify-user can do this, and does not seem to have the same bug, will use that in the meantime

This does look like a bug, but I wasn’t able to re-produce it. @Ilia can you repro this on a test system?

Yes, and I can see what’s causing this bug. Although, I need to run deeper tests to make sure it will work as expected in all use-cases.

Anyway, here is the fix for this issue. Sadly, I don’t understand why I made this change at the first place.

Perhaps, my idea was to make sure that access to all databases is provided after restore. Although, I can see that access to the associated databases is actually provided after the restore already.

Thanks for the fix! Yeah I’m not sure what the reasoning was behind the original code either …

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.