X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/journal.php?a=blobdiff_plain;f=vm_hosted;h=806face80c33782428bb66ae39800331869908fb;hb=f9ba7dd1602369f2e919736402c80bbe6eb06d8a;hp=134b5399bb1a1767b58f2882928b73038f03297a;hpb=f9f38c0fa14e92f14544569388212fb618b517fe;p=lhc%2Fateliers.git
diff --git a/vm_hosted b/vm_hosted
index 134b539..806face 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -717,28 +717,66 @@ rule_mysql_configure () {
 --disabled-password \
 --group \
 --home /home/mysql/data \
+ --no-create-home \
 --shell /bin/false \
 --system
 sudo usermod --home /home/mysql mysql
 sudo adduser mysql mysql-data
- sudo install -m 640 -o mysql -g mysql \
+ sudo install -m 644 -o mysql -g mysql \
 "$tool"/etc/mysql/my.cnf \
 /etc/mysql/my.cnf
 sudo install -d -m 751 -o mysql -g mysql \
 /home/mysql
- sudo install -d -m 750 -o mysql-data -g mysql-data \
- /home/mysql/data
- if test ! -d /home/mysql/data
+ if sudo test ! -d /home/mysql/data
 then
+ sudo install -d -m 750 -o mysql -g mysql-data \
+ /home/mysql/data
 sudo -u mysql mysql_install_db \
 --no-defaults \
 --datadir=/home/mysql/data
 fi
 sudo service tmpfs restart
 case $(sudo sv status mysql || true) in
- (run:*) sudo sv restart mysql
+ (''|run:*|*"s, normally up;"*)
+ sudo sv restart mysql
+ case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
+ ("/run/mysqld/sock/ CREATE mysql")
+ # NOTE:
+ # - ajoute l'accès par socket Unix à root
+ # - supprime l'accès par mot-de-passe à root
+ # - supprime les bases de données de l'utilisateurice anonyme
+ # - supprime l'utilisateurice anonyme
+ # NOTE: mémo :
+ # GRANT USAGE ON *.* TO 'root'@'*' IDENTIFIED WITH auth_socket;
+ # CREATE USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
+ # UPDATE mysql.user SET Password='' WHERE user='root';
+ # DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');
+ sudo mysql -u root --batch --verbose <<-EOF
+ DELETE FROM mysql.user WHERE user = 'root' and plugin = '';
+ GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH auth_socket;
+ UPDATE mysql.user SET grant_priv='Y',super_priv='Y' WHERE user='root';
+ DELETE FROM mysql.db WHERE user = '';
+ DELETE FROM mysql.user WHERE user = '';
+ FLUSH PRIVILEGES;
+ EOF
+ ;;
+ esac
 esac
 }
+rule_mysql_db_add () { # SYNTAX: $user $db
+ sudo mysql --batch -u root <<-EOF
+ DROP DATABASE IF EXISTS $db;
+ CREATE DATABASE $db CHARACTER SET utf8 COLLATE utf8_general_ci;
+ GRANT ALL PRIVILEGES ON $base.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;
+ FLUSH PRIVILEGES;
+ EOF
+ }
+rule_mysql_user_add () { # SYNTAX: $user
+ sudo mysql --batch -u root <<-EOF
+ DROP USER '$user'@'localhost';
+ CREATE USER '$user'@'localhost' IDENTIFIED WITH auth_socket;
+ EOF
+ }
 rule_network_configure () {
 sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF
 $vm
@@ -1137,7 +1175,7 @@ rule_procmail_configure () {
 "$tool"/etc/skel/etc/mail/delivery.procmailrc \
 /etc/skel/etc/mail/delivery.procmailrc
 }
-rule_runit_configure () {
+rule_runit_configure () { # SYNTAX: $service
 rule apt_get_install runit
 local -; set +f
 for sv in ${1-/etc/service/*}
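Review bot: In `rule_mysql_db_add` the GRANT targets `$base.*` while the DROP and CREATE lines use `$db`; nothing in the hunk sets `$base`, so the grant probably lands on the wrong schema or fails, and the line should read `GRANT ALL PRIVILEGES ON $db.* TO '$user'@'localhost' IDENTIFIED WITH auth_socket;`. Both new rules also expand `$user` and `$db` unquoted into SQL that runs as MySQL root, and neither body binds them from `$1`/`$2` within the hunk, so a name containing a quote, backtick or semicolon rewrites the statement; an identifier check before the heredoc (below, same idea for `rule_mysql_user_add`) closes that. `DROP DATABASE IF EXISTS` makes the add rule destroy existing data on a re-run, and `DROP USER` on an absent account raises an error that may stop the batch before `CREATE USER`. In `rule_mysql_configure`, `inotifywait` runs without a timeout and the inner `case` has no `(*)` arm, so a socket created before the watch is armed hangs the rule and any other output silently skips removing the anonymous and password-less root accounts. The my.cnf mode change from 640 to 644 is only safe if that file carries no credentials.

```shell
rule_mysql_db_add () { # SYNTAX: $user $db
	# Refuse anything but plain identifiers: these values are expanded
	# inside SQL that runs as MySQL root.
	local name
	for name in "$user" "$db"
	 do
		case $name in
		 (''|*[!A-Za-z0-9_]*)
			echo >&2 "rule_mysql_db_add: invalid identifier: $name"
			return 1
			;;
		 esac
	 done
	# … unchanged: sudo mysql heredoc, with the GRANT line using $db instead of $base …
```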