Suspected CP bug

barry

Verified User
Joined
Jan 12, 2004
Messages
21
For my own particular reasons I am using the scripting sytem to create a user that has access to a user's database that I own and not the user. For the most part this is pretty easy to do, but I noticed a small inconsistency in the Control Panel.

If you create a user that has usage priveleges on another user's database it seems to show up in the control panel. The site owner can try and delete or change the password of this user, but will get the "That user does not belong to you" error.

However the user is free to add/subtract as many Acess Hosts as they want.

I would love it if the user was not able to edit the Access Hosts as well thus making the user completely out of their control, better yet is to have the user not even displayed in there control panel.

-Barry
 
Hello,

If you create a user that has usage priveleges on another user's database it seems to show up in the control panel
Are you doing that through DirectAdmin? Sounds like you're doing it manually.

String matching is used to determine which databases are to be shown. For the usernames on that database, it's queried from the mysql db, so a manually created user will show up. But if that user doesn't comply to the form "username_user", DA will refuse to do any changes.

John
 
I am not creating a the user through directadmin, I am doing it via a script. And I realize the naming convention and that DA CP will refuse to do changes.


But... Even though it is supposed to "refuse" any changes, it does allow changes to Access Hosts. Baed on your response it shouldn't allow that either.

-Barry
 
So, you're saying DA is adding/removing access hosts to the mysql user which you've created manually which does have permission on that database? That sounds reasonable to me.. but I can see why you might not want DA to add an access host to your custom user. The username check *can* be made.. the question is, what is the correct behavior for this:

1) The custom user has been granted access to the DB, and should be given the accesshosts that all users get on the DB
or
2) because the user is non-standard, the rules don't apply and should stay isolated from the actions of DA.

I'm leaning to #2 with you.. but comments are welcome.

John
 
I lean to number 2 as well, actually I count on it right now. Especially since the user can't omdify any other part of the user.

-Barry
 
Ok, I'll add the username check for users who have been granted access to the db but do not follow the username convention.

John
 
Back
Top