Debian Stretch MariaDB cannot authenticate from PHP application - mariadb

I'm using a fresh installation of Debian Stretch, and installed PHP7 and MariaDB as recommended:
sudo apt-get install nginx mariadb-server mariadb-client php-mysqli php7.0-fpm php7.0-curl
Then using sudo mysql_secure_installation I followed the prompts to remove test users etc.
MariaDB seems to use unix_socket authentication (which is a new concept to me). I like how it restricts root access to sudoers and allows me to grant DB permissions to specific OS users.
However I'd prefer to assign individual user/passwords for each web application running on the server. They all run as www-data user on the system and I see no reason to let them share databases.
So I created a user for my first PHP script and granted access to a new database:
CREATE USER 'telemetry'#'localhost' IDENTIFIED BY 'yeah_toast';
UPDATE mysql.user SET plugin='mysql_native_password' WHERE user='telemetry';
GRANT ALL PRIVILEGES ON telemetry TO 'telemetry'#'localhost';
FLUSH PRIVILEGES;
But it refuses to let me connect from the application:
[error] 19336#19336: *20 FastCGI sent in stderr: "PHP message: PHP Warning: mysqli::real_connect(): (HY000/1045): Access denied for user 'telemetry'#'localhost' (using password: YES) in /path/to/database.inc.php on line 30
The credentials I'm using from the application are as follows:
Host: localhost (also tried 127.0.0.1)
Username: telemetry
Password: yeah_toast
Database: telemetry
I tried deleting and re-creating the username in case it was a password problem, and creating a user #'localhost' and #'%' but none seem to work. In fact when I log in using the same credentials from the command line without sudo it works great (mysql -utelemetry -p).
Am I missing a MariaDB configuration step here?

Related

Why does mariabackup always give me access denied?

Context
Running MariaDb 10.6.7 on Windows 11. Trying to use mariabackup to do a partial backup of my database. Database, target backup folder and backup process all on the same PC.
Issue
In a batch file I have this:
cd C:\"Program Files\MariaDB 10.6\bin"
mariabackup --backup --target-dir='D:\OneDrive\Backups\MariaDb' --databases-exclude="*test" --user=root --password=myPasswordWithNoQuotes
Which keeps giving me the response:
Failed to connect to MariaDB server: Access denied for user 'root'#'localhost' (using password: YES)
Things I've checked
Running the batch file as administrator
root has full priviliges
Password is correct - checked by logging into root with MySQL Workbench and MySQLClient and HeidiSQL.
Question
How do I set access rights so that the backup can proceed?
When I changed the root password to something simple everything worked. So it looks like the issue was a special character in the password (a % character perhaps) or the way that the password parameter was formed in the mariabackup command.

How can I fix this login error in MariaDB?

I recently install MariaDB and use DB
but it has error on login
I check my plugin
root localhost mysql_native_password
Enter password:
ERROR 1698 (28000): Access denied for user 'root'#'localhost'
How can I fix??
Recent versions of MariaDB will authenticate users via unix_socket plugin when connecting via unix_socket (localhost).
So if you need to connect as root, just do a
$ sudo mysql
and enter password afterwards.

salt-ssh permission denied when attempting to log into remote system

I am new to salt-ssh and I have gotten it to work successfully for setting up a remote system. However, I have a login issue that I don't know how to address. What is happening is that when I try to run the salt-ssh commands I have to fight with then initial login process before eventually it just works. I am looking to see if I can narrow down what is causing me to have to fight with login process.
I am using OS X to run my salt-ssh commands against an ubuntu vagrant vm.
I have added my root user's ssh key to the root user authorized_keys on the vagrant vm. I have verified that I can log into the system using ssh without any issues
sudo ssh root#192.168.33.10
Here are what my config files look like:
roster
managed:
host: 192.168.33.10
user: root
sudo: true
Saltfile
salt-ssh:
config_dir: /users/vmcilwain/projects/salt-ssh-rails
roster_file: /users/vmcilwain/projects/salt-ssh-rails/roster
log_file: /users/vmcilwain/projects/salt-ssh-rails/saltlog.txt
master
file_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/states
pillar_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/pillars
I run this command:
sudo salt-ssh -i '*' test.ping
I enter my local user's password and I get this output
Permission denied for host 192.168.33.10, do you want to deploy the salt-ssh key? (password required):
[Y/n]
This is where my fight is. If the vagrant vm has the ssh key for the user I am executing salt-ssh as, why am I being told that permission is denied? Especially when I verified I could ssh into the system without using salt-ssh.
Clicking yes prompts me for the remote root user's password, which I didn't set and don't necessarily want to since an ssh key should have worked.
I'm hoping someone can tell me the best way to setup connections between both systems so that I don't have to have this fight every time.
I needed to set the priv in my roster to the rsa key that I am using to connect to the remote host:
priv: /Users/vmcilwain/.ssh/id_rsa

How to reset password in MariaDB on Windows?

How to reset password in MariaDB? I use Windows and NOT Linux. Anyone who knows how to reset my MySQL MariaDB password? I tried to search on Google but did not help.
I bumped into the same problem. I lost the root password for a test server on a windows development machine.
Following the Linux step:
After
net stop mysql
Try invoking mysqld with
mysqld --skip-grant-tables
mysqld will only exit with a short message
[Note] mysqld.exe <...5.5.48.MariaDB> starting as process <pid> ...
then it quits. However I tried to launch mysqld directly, there is no mysqld.exe process. The service start command might have some argument combination that enabled mysqld to run. Tried to pass the settings through a configuration file and it works.
put
skip-grant-tables=TRUE
into MariaDB 5.5\data\my.ini
Restart mysqld, by
net stop mysql && net start mysql
then being able to login as root.
Don't forget to remove the inserted line and restart mysqld again.
As this is top result in Google here's a quick way to change the password:
Stop the DB server
create a text file containing your new password:
ALTER USER 'root'#'localhost' IDENTIFIED BY 'DontForgetMeAgain';
Run this command (don't forget to replace the path to file):
mysqld --init-file=C:\\path\\to\\file.txt
And we're done
Using skip-grant-tables led Maria Db to complain when changing a password even if logged in as root.
I had to do a little modification on Tom's answer in the content of the file to make it work for me:
After stopping the DBServer i created a file with this content:
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('mynewpassword');
FLUSH PRIVILEGES;
then I run:
C:\Program Files\MariaDB 10.1\bin>mysqld --init-file=C:\\path\\to\\file.txt
I then managed to log in

WordPress FTP update on EC2 server

I have an AWS EC2 instance running an Ubuntu 12.04 web server that I host Wordpress on. For Wordpress to update, it's asking me to supply FTP credentials. I have set up FTP according to this post: http://stephen-white.blogspot.co.uk/2012/05/how-to-set-up-wordpress-on-amazon-ec2_31.html
But the FTP user I created (ftpuser) can't log in. WP only gives very vague errors, but I tried using FTP in the OSX terminal, which gives 'Login incorrect', but the password is definitely correct. I can FTP in using my normal username and password.
This is the content of my vsftpd.conf file (I've removed all commented out lines):
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pasv_enable=YES
pasv_min_port=14000
pasv_max_port=14050
port_enable=YES
pasv_address=54.241.13.224
pasv_addr_resolve=NO
This is an nmap of the servers ports:
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp closed https
14000/tcp closed unknown
The /var/www (where I have Wordpress installed) folder is owned by ftpuser and this is the entry for the ftpuser in the file /etc/passwd:
ftpuser:x:1001:1001::/var/www:/sbin/nologin
I'm only an amateur server admin, so haven't a full clue of what I'm doing. Anyone have any ideas why this is happening and what needs to be done?
If you are receiving the following error message "Login incorrect" on AWS EC2:
331 Please specify the password.
Password:
530 Login incorrect.
ftp: Login failed
There is a problem with login using Shell. To overcome this there is one further step missing after the following in that Blog Post:
Add an FTP user, giving access only to the WordPress files and for additional security >ensuring the user can not open a shell:
useradd ftpuser -d /var/www/html -s /sbin/nologin
Add the following:
Add /usr/sbin/nologin on to the last line of /etc/shells file:
$ vi /etc/shells
/usr/sbin/nologin
Try logging in again using your FTP client. That's how I got it working on my instances.

Resources