Bitten in the arse by security

Today I have frighted security. In 2 ways.

First I had to move a MySQL database from one server to another, while still running the application on the original server.

First I could not connect to the new server at all – but that was quickly found out to be a little firewall problem. And easily fixed.

Then I could not get in with the right password. I could connect with another user, but not the database user for the application. And this was due to the fact that there was an entry in the user table with the hostname of the old server without any user. The order in which MySQL checks the connection is a bit weird (full doc here): first it checks user/host, then “any user”/host, and then user/“any host”. So the fact that the system had a wildcard entry for any user from that host, with a different password than I expected, threw me off.
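The matching order described above, as an added example that is not part of the original post: a simplified Python model of how the server sorts the user table (most specific host first, then named users before the anonymous user) and uses the first row that matches. The table rows, host names and password labels are constructed for illustration.

```python
import re

# Constructed sample rows (User, Host, password label); not taken from the post.
USER_TABLE = [
    ("appuser", "%", "app-password"),
    ("", "oldserver.example.com", "other-password"),
    ("root", "localhost", "root-password"),
]

def sort_key(row):
    """Most specific Host first, then named users before the anonymous user."""
    user, host, _ = row
    if host == "":
        host_rank = 3              # empty Host: any host, sorted last
    elif host == "%":
        host_rank = 2              # matches every host
    elif "%" in host or "_" in host:
        host_rank = 1              # pattern with wildcards
    else:
        host_rank = 0              # literal host name or address
    return (host_rank, user == "")

def host_matches(pattern, client_host):
    """Match a Host value using the SQL LIKE wildcards % and _."""
    if pattern == "":
        return True
    parts = {"%": ".*", "_": "."}
    regex = "".join(parts.get(ch, re.escape(ch)) for ch in pattern)
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None

def select_row(table, user, client_host):
    """Return the first row, in sorted order, that matches the connection."""
    for row in sorted(table, key=sort_key):
        row_user, row_host, _ = row
        if host_matches(row_host, client_host) and row_user in ("", user):
            return row
    return None

def anonymous_rows(table):
    """Rows with an empty User: candidates for shadowing named accounts."""
    return [row for row in table if row[0] == ""]

if __name__ == "__main__":
    for host in ("oldserver.example.com", "newhost.example.com"):
        print(host, "->", select_row(USER_TABLE, "appuser", host))
    print("anonymous rows:", anonymous_rows(USER_TABLE))
```

From the old server's host name the anonymous row wins, so the application user's password is checked against the wrong entry; from any other host the `appuser`/`%` row is used.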

Then I could connect from the command line with mysql, and I could run my Perl application without any problem. But the web frontend did not work.

And it took me quite some time to figure out that it was all down to SELinux. It will by default block the HTTP daemon from making network connections. So even if you had PHP set up right and could do it from the command line (when running a PHP script there) it would not work from a webpage 🙁

So one has to disable this – you can do it with the command (as root):

as root and now it all works.
