Yeah, but there's also a third permission scheme that I hadn't been properly aware of. There's also the internal user/group SQL permission scheme in the USER_NAME & USER_PERMS tables.
I was using the imported SQ data on a new machine who's users didn't conform exactly to the old machine's Linux users. The query failures I mentioned before, a "where()" query clause that always evaluates as NULL and so blocked access to all carts when I tried to use rdlibrary. The reason is that although someone may have permission to run the rivendell tools, like rdlibrary, they are not necessarily allowed to execute the mysql query that populates the tool's window. For example, linux user JohnDoe on the original machine may have rivendell permission to run rivendell tools, but he may be constrained to only manipulate carts of type TALK, NEWS-L and ARTS-N, and not be allowed to see/edit carts of type MACROS, or VOICETRACK, etc., according to the data in the USER_PERMS table. The result is that even though I was able to run the tool on the new, I was not in the installed USER_PERMS table and so had no permission to access any group of carts at all, and so never saw anything in the rdlibrary tool. The new rivendell seems, so far, to have migrated/updated OK. The problem was that my expectations were off kilter, not the tool. JE On Mon, 2017-05-08 at 09:15 -0400, Rob Landry wrote: > There are two distinct user names: the Linux one, which is 'rivendell' by > default; and the MySQL user name, which by default is 'rduser'. > > 'rivendell' is typically set up as a 'system' user; that is, it has no > login shell so you can't actually log in as, or su to, 'rivendell'. This > user should own /var/snd and all that is in it, and should be a member of > the 'audio' group and any other groups you may want it to belong to. > > The MySQL 'rduser' by default has the password 'letmein'; it should have > unlimited rights to the 'Rivendell' database. > > Both user names are defined in /etc/rd.conf. > > > Rob > > -- > Я там, где ребята толковые, > Я там, где плакаты "Вперёд", > Где песни рабочие новые > Страна трудовая поёт. > > On Fri, 5 May 2017, John Edstrom wrote: > > > Well, its a totally new machine, a sort of a sandbox, so the hostname is > > different. I fixed that so the hostname on the new machine is the same > > as the original. Didn't help though. > > > > But, I did figure out that the null query clause screwing up the queries > > was the RDUser name. For some reason the new rig isn't picking up the > > proper rd-user ID from my environment, or wherever its supposed to come > > from, so that all queries were running as if from an unprivileged user. > > Even though I do have the right credentials to run the RD tools, I don't > > have privs to do certain queries in mysql. > > > > Is there documentation anywhere discussing how the linux user's ID maps > > to rivendell user roles? I still don't have it quite right. > > > > > > JE > > > > On Fri, 2017-05-05 at 23:38 -0400, Rob Landry wrote: > >> On Wed, 3 May 2017, John Edstrom wrote: > >> > >>> Some additional information, when I try to run the query from a > >>> terminal, I see the error message "QSqlQuery::value: not positioned on a > >>> valid record" five times, the number of letters in 'MUSIC', as it does a > >>> search for each letter entered. > >> > >> Have you by any chance changed the host name? I've occasionally had that > >> cause problems. > >> > >> > >> Rob > >> > >> -- > >> Я там, где ребята толковые, > >> Я там, где плакаты "Вперёд", > >> Где песни рабочие новые > >> Страна трудовая поёт. > > > > -- > > John Edstrom <[email protected]> > > Firebare > > -- John Edstrom <[email protected]> Firebare _______________________________________________ Rivendell-dev mailing list [email protected] http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
