--disabled-password \
--group \
--home /home/mysql/data \
+ --no-create-home \
--shell /bin/false \
--system
sudo usermod --home /home/mysql mysql
sudo adduser mysql mysql-data
- sudo install -m 640 -o mysql -g mysql \
+ sudo install -m 644 -o mysql -g mysql \
"$tool"/etc/mysql/my.cnf \
/etc/mysql/my.cnf
sudo install -d -m 751 -o mysql -g mysql \
/home/mysql
- sudo install -d -m 750 -o mysql-data -g mysql-data \
- /home/mysql/data
- if test ! -d /home/mysql/data
+ if sudo test ! -d /home/mysql/data
then
+ sudo install -d -m 750 -o mysql -g mysql-data \
+ /home/mysql/data
sudo -u mysql mysql_install_db \
--no-defaults \
--datadir=/home/mysql/data
fi
sudo service tmpfs restart
case $(sudo sv status mysql || true) in
- (run:*) sudo sv restart mysql
+ (''|run:*|*"s, normally up;"*)
+ sudo sv restart mysql
+ case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
+ ("/run/mysqld/sock/ CREATE mysql")
+ # NOTE:
+ # - ajoute l'accès par socket Unix à root
+ # - supprime l'accès par mot-de-passe à root
+ # - supprime les bases de données de l'utilisateurice anonyme
+ # - supprime l'utilisateurice anonyme
+ # NOTE: mémo :
+ # GRANT USAGE ON *.* TO 'root'@'*' IDENTIFIED WITH auth_socket;
+ # CREATE USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
+ # UPDATE mysql.user SET Password='' WHERE user='root';
+ # DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');
+ sudo mysql -u root --batch --verbose <<-EOF
+ DELETE FROM mysql.user WHERE user = 'root' and plugin = '';
+ GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH auth_socket;
+ UPDATE mysql.user SET grant_priv='Y',super_priv='Y' WHERE user='root';
+ DELETE FROM mysql.db WHERE user = '';
+ DELETE FROM mysql.user WHERE user = '';
+ FLUSH PRIVILEGES;
+ EOF
+ ;;
+ esac
esac
}
+rule_mysql_db_add () { # SYNTAX: $user $db
+ sudo mysql --batch -u root <<-EOF
+ DROP DATABASE IF EXISTS $db;
+ CREATE DATABASE $db CHARACTER SET utf8 COLLATE utf8_general_ci;
+ GRANT ALL PRIVILEGES ON $base.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;
+ FLUSH PRIVILEGES;
+ EOF
+ }
+rule_mysql_user_add () { # SYNTAX: $user
+ sudo mysql --batch -u root <<-EOF
+ DROP USER '$user'@'localhost';
+ CREATE USER '$user'@'localhost' IDENTIFIED WITH auth_socket;
+ EOF
+ }
rule_network_configure () {
sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF
$vm
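Review bot: In the new `rule_mysql_db_add`, the GRANT is issued on `$base.*` while the database dropped and created just above it is `$db`; nothing visible in the hunk sets `base`, so the grant presumably lands on a different schema or fails to parse when `base` is empty. The line should read `GRANT ALL PRIVILEGES ON $db.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;`. Both `rule_mysql_db_add` and `rule_mysql_user_add` also expand `$db` and `$user` unchecked into an unquoted heredoc that is executed as the MySQL root account through sudo, so a name containing a quote, semicolon or backtick changes the statement. I would reject such names before the heredoc, for example `case $db in (''|*[!A-Za-z0-9_]*) return 1;; esac`, with the same check for `$user`. Separately, `DROP USER '$user'@'localhost';` has no `IF EXISTS`, so the first run for a new user likely errors before the CREATE, unless the installed server lacks that clause.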
"$tool"/etc/skel/etc/mail/delivery.procmailrc \
/etc/skel/etc/mail/delivery.procmailrc
}
-rule_runit_configure () {
+rule_runit_configure () { # SYNTAX: $service
rule apt_get_install runit
local -; set +f
for sv in ${1-/etc/service/*}