I've set up phabricator and added several users. I noticed that I can change a user's real name or username, but I am unable to change their email address. Is there some reason why this is not exposed to admins? Is there a server setting that allows admins to change email addresses.
You need to update the mysql database. In the phabricator_user db alter your email address in the user_email table. Administrators may not be all-powerful, but DBAs are.
Administrators can not change email addresses because it would let them change a user's email address to their own, reset the user's password, and then log in as the user. Administrators are not all-powerful in Phabricator's permission model, and can not compromise accounts, act as other users, or violate policies.
If you need to change an address because you made a mistake when creating a new account, you can delete the account and recreate it.
As bridiver writes, you need to change the address directly in the database. For that, you can use a helper Phabricator script to connect to the database:
$ phabricator/bin/storage shell
[...]
mysql> use phabricator_user;
Database changed
mysql> update user_email set address='newaddress#example.com' where address='oldaddress#example.com';
Query OK, 1 row affected (0.05 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> quit
It might be new, but they have a way now. I'll just list it here in case anyone has the same question later.
Log in to the server, where you have your Phabricator install, and use ./bin/accountadmin. That will let you change or add accounts at will. If you just want to look at the user, you can look in the phabricator_user database and check the user table or the user_profile table.
Related
I need to import a sql. database to Wordpress through phpMyAdmin.
Anytime I want to create a new database this error happens (#1044 - Access denied for user 'xxx' to database 'zzz').
Thanks for your help.
You can check all privileges permission of database user and also check our sql file. May be mention there "CAEATE DATABASE '*******'" if you have that then you remove that. Most of this #1044 refer you to check your database user and permission of your database. I think this suggestion will help you.
As the others have mentioned, shared hosting environments generally don't allow you to create any arbitrary database name, sometimes you're limited to only one database and sometimes it has to be a subset of your username or something. If that's the case, you'll need to edit the .sql file to force it to use the database name you've been assigned.
If that's not the case, it's likely the user you are logged in as doesn't have the privileges to create a new database, so you'll need to log in as a user that does have privileges. Perhaps you're not logged in as the user you think you are. Note that the username and host value need to match, otherwise you could be logged in as the anonymous user instead of one that has permissions (for instance, if your user account is mia with host field 127.0.0.1 but you're logged in via the socket connection to 'localhost', it doesn't match.
I want to use MySQL partial revokes in MariaDB, but there does not seem to be any reference of it in the docs, so is there are workaround?
I grant user foo privileges on *.*, and I want to partially revoke its permission to select column password on table users - how can I do this?
CREATE USER 'foo'#'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, DELETE, UPDATE ON *.* TO 'foo'#'%';
REVOKE SELECT (password) ON production.users FROM 'foo'#'%';
Such thing results in:
ERROR 1147 (42000): There is no such grant defined for user 'foo' on host '%' on table 'user'
Version: 10.3.31-MariaDB-0+deb10u1-log
Perhaps I could do something like this easily with roles? If so, can you give examples to do so?
MDEV-14443 negative grants is actively being worked on so hopefully 10.9.
At the moment creating the grants excluding your password is one option.
The other is putting the password (by which I hope you mean a uniquely salted hash or KDF) in a different table.
I have been Googling this, read the drush documentation and searched StackOverflow, but I can't find an answer to this question.
I currently use drush user-create someone#example.com --password="somepassword" to create a user.
Then there are drush commands to add a role, block the user, etc. But nothing on adding/updating fields.
Does someone know how to set a custom user field to a created user, or immediately create a user with field values (for Drupal 7 that is)?
I need to do it without answering commandline questions.
You need a custom Drush command which accepts the arguments like UID and field values.
https://www.chapterthree.com/blog/how-to-create-custom-drush-commands
https://drupalize.me/videos/passing-arguments-drush-commands?p=1134
All commands in user: (user)
user-add-role (urol) Add a role to the specified user accounts.
user-block (ublk) Block the specified user(s).
user-cancel (ucan) Cancel a user account with the specified name.
user-create (ucrt) Create a user account with the specified name.
user-information Print information about the specified user(s).
(uinf)
user-login (uli) Display a one time login link for the given user account (defaults to uid 1).
user-password (upwd) (Re)Set the password for the user account with the specified name.
user-remove-role Remove a role from the specified user accounts.
(urrol)
user-unblock (uublk) Unblock the specified user(s).
I'm wondering how to solve the following issue:
I have a web asp.net app where Forms Authentification is used, connected to the Active Directory. Also, I have a connection string to MS SQL db in the web app, where one global user (with given privileges) is used. The problem is that when I want to store information about the user (e.g. data modification log) in database, I can only get the global user info provided in the connection string, not the real user who is logged in.
Is there any possiblity to log onto a web app with my personal credentials, after, use a global user credentials to connect into the database and pass my personal user credentials (but not as parameters in store procedure) that database will think that the user who is logged in is not the global user?
I assume, it might be only possible if I also create same users in the database and use Impersonalization?
Or any other possibillities?
Thanks in advance.
What are you doing to get the current user? Are you doing something like SELECT #user = SYSTEM_USER? This will obviously only return the user that you connect to SQL Server with.
I would rather keep to using a single SQL login that the application uses, but pass in the username when you are making changes, e.g. through a sproc or a table update:
CREATE PROCEDURE dbo.DoSomething
#id INT,
#username VARCHAR(50)
AS
-- Make your changes.
INSERT INTO dbo.[Audit] SELECT 'update', #id, #username
GO
In ASP.NET you can grab the currently logged in user through User.Identity.Name property of the page.
You could use a role within your database to handle permissions, and then get the users you need in a group in AD, and assign permissions to that AD group to access your database under the role you define. (This way you don't need to assign each user to your database as you create them).
You would then use windows authentication right the way through from your web site to the database, and have the user identity that you need for logging. (You'll need to set identity impersonate="true" in your configuration).
I would note that this is only going to work (easily) if your servers and your users are all on the same network.
In my drupal site, admin user name is admin.
Im worried someone brute force this account.
I hope when I just logged out using admin user name, I can temporarily disable admin user name by modify some file in the server through ssh
You could rename the admin account by going to "user/1/edit" (or using the Users list), and change "admin" to something else. It will still be seen internally as the super-admin account, yet people won't be able to login using the name "admin" even if they try to brute-force it.
I agree with Wildpeaks, but he doesn't really answer your question.
Locking out any user, including the #1 superuser, is easy if you have access to the database, either using mysql over ssh or with a tool like phpmyadmin. To block a user, you need to set the status column to 0. for instance, if you want to block user #1:
UPDATE `users` SET `status` = 0 WHERE `uid` = 1;
This method will prevent the blocked user from logging in and will terminate his current session.
Another way to enable or disable users via SSH: Drush.
drush is a command line shell and scripting interface for Drupal, a veritable Swiss Army knife designed to make life easier for those of us who spend some of our working hours hacking away at the command prompt.
Use the command drush user-block 1 to block the admin account.
Use the command drush user-unblock 1 to unblock the admin account.
I would go with wildpeaks' suggestion, or set the admin account to 'inactive' if you have another account that you use to do daily administration.