So, I'm not sure how useful or good of an idea this is, but I discovered it while setting up our mysql zenpack. By default, the ZenPack wants a root username/password to connect. I find this quite insecure, so I wanted to use my own account. I generated a regular account with no privileges on any database, and get the access denied error on the mysql db for that user, when Zenoss runs its queries. When I add select for mysql.*, the connection works fine. However, this still leaves me with an account containing privileges, when in theory none are required to do "show status" (what I believe the ZenPack is running to get data). So, I modified the python code on the check_mysql_stats.py script, on line 37/38:
37 self.conn = MySQLdb.connect(host=self.host, port=self.port, 38 db='', user=self.user, passwd=self.passwd) Essentially, I just deleted the phrase "mysql" from the db parameter. In my limited testing, this appears to work fine on our mysql 5.0 server. I haven't tried on 4.x yet, and don't have any running 5.1, or 6. However, it seems like removing the db dependency would enable people to use accounts with privileges only to authenticate, but not use any databases, resulting in a more secure database environment. Am I missing anything that would make this unadvisable? Geoff Franks Sr. Systems Administrator Hauptman Woodward Institute _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
