fix: site creation using non-root users #19014
Codecov Report
Additional details and impacted files

```diff
@@             Coverage Diff             @@
##           develop   #19014      +/-   ##
===========================================
+ Coverage    63.45%   63.47%   +0.02%
===========================================
  Files          750      750
  Lines        67633    67819     +186
  Branches      6027     6027
===========================================
+ Hits         42914    43046     +132
- Misses       21259    21313      +54
  Partials      3460     3460
```
(cherry picked from commit 263055e)
Please tell me when you say "all privileges" that you only mean "all privileges to the specific database". Also, why would the WITH GRANT OPTION even be necessary? That makes it sound like the new-site script is going to create a new user and grant permissions to it.
@pha3z if the root user you use doesn't have grant option it can't grant permission to newly created user to newly created database 🤷
That's exactly what it does. If you don't like it you'd have to create database + a user manually and pass that info to
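A check for the two things this thread turns on, the scope at which an account holds `ALL PRIVILEGES` and whether `WITH GRANT OPTION` is attached, written as an added example and not Frappe's own code. It assumes grants are listed in the style of MariaDB `SHOW GRANTS` output; the sample lines and account names are constructed.

```python
import re

# One line of SHOW GRANTS output: GRANT <privs> ON <scope> TO <account> [...]
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<rest>.+)$",
    re.IGNORECASE,
)

# Constructed sample output (not from the page); account names are hypothetical.
PROVISIONER = [
    "GRANT ALL PRIVILEGES ON *.* TO `bench_admin`@`localhost` "
    "IDENTIFIED BY PASSWORD '*REDACTED' WITH GRANT OPTION",
]
SITE_USER = [
    "GRANT USAGE ON *.* TO `site_db`@`localhost` IDENTIFIED BY PASSWORD '*REDACTED'",
    "GRANT ALL PRIVILEGES ON `site_db`.* TO `site_db`@`localhost`",
]


def parse_grant(line):
    """Return (privileges, scope, has_grant_option) for one SHOW GRANTS line."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        raise ValueError(f"not a GRANT statement: {line!r}")
    # Column-level privilege lists such as SELECT (a, b) are not handled here.
    privs = {p.strip().upper() for p in m["privs"].split(",")}
    scope = m["scope"].replace("`", "")
    has_option = bool(re.search(r"WITH\s+GRANT\s+OPTION", m["rest"], re.I))
    return privs, scope, has_option


def audit(grants):
    """Report where ALL PRIVILEGES is held and whether it can be delegated."""
    report = {"global_all": False, "global_grant_option": False, "db_all": []}
    for line in grants:
        privs, scope, has_option = parse_grant(line)
        if "ALL PRIVILEGES" not in privs:
            continue  # USAGE, PROXY and partial grants do not count
        if scope == "*.*":
            report["global_all"] = True
            report["global_grant_option"] = has_option
        else:
            report["db_all"].append((scope, has_option))
    return report


if __name__ == "__main__":
    print(audit(PROVISIONER))
    print(audit(SITE_USER))
```

An account that reports `global_all` and `global_grant_option` can delegate rights on any database on the server, so its credentials warrant the same handling as root's; an account that only appears under `db_all` is confined to that one database.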
# [14.18.0](v14.17.1...v14.18.0) (2022-12-06)

### Bug Fixes

* attribute error on export of reports with additional columns ([#19105](#19105)) ([2b43d5b](2b43d5b))
* check for bad zip files during unzipping in file doctype ([#19058](#19058)) ([#19060](#19060)) ([96c928e](96c928e))
* **db_query:** Disallow usage of certain functions in *_by ([#18981](#18981)) ([#19135](#19135)) ([5376755](5376755))
* **db_query:** Space resilient sanitization (backport [#18996](#18996)) ([#19045](#19045)) ([ab8422f](ab8422f))
* disable signups by default (backport [#19114](#19114)) ([#19118](#19118)) ([3dd2775](3dd2775))
* do not escape undefined txt ([86267e9](86267e9))
* empty search shows `None` ([#19055](#19055)) ([#19057](#19057)) ([1cd0bc2](1cd0bc2))
* ensure correct parenttype when retrieving roles ([af55da9](af55da9))
* give more weight to sequential matches ([#19121](#19121)) ([#19122](#19122)) ([16f642f](16f642f))
* ignore empty/`None` scripts ([#19111](#19111)) ([#19113](#19113)) ([2a96757](2a96757))
* keep actions on right ([7d3e47b](7d3e47b))
* LDAP - check each email in list before creating user ([250f787](250f787))
* only check for special characters in fieldname ([#19061](#19061)) ([#19065](#19065)) ([de0facc](de0facc)), closes [#18965](#18965)
* only System Manager can access Google Drive ([05be9ee](05be9ee))
* Optimize check field type is tab break if the doctype has a workflow ([#18858](#18858)) ([d9ce6c1](d9ce6c1))
* site creation using non-root users ([#19014](#19014)) ([#19043](#19043)) ([844e744](844e744))
* socketio spawn error ([#19070](#19070)) ([#19071](#19071)) ([75a54eb](75a54eb))
* type conversion for read receipt in communication email ([e0f7dd4](e0f7dd4))
* use permtype from passed arguments in has_web_form_permission when applying document permissions ([91c99d2](91c99d2))
* use webform doctype rather than allowing user to pass any doctype ([2be3178](2be3178))
* **UX:** freeze on delete ([#19094](#19094)) ([dd4791a](dd4791a))
* **UX:** Make fetch_from read_only if fetch_is_empty is not set ([#19025](#19025)) ([#19041](#19041)) ([feed227](feed227))
* Widget control on dashboard chart breaks on smaller screens ([d6dedca](d6dedca))

### Features

* **workers:** many small RQ worker features (backport [#18995](#18995)) ([#19046](#19046)) ([37dbada](37dbada))
(cherry picked from commit 263055e) Co-authored-by: Ankush Menat <ankush@frappe.io>
make sure non-root user you do end up using has all privileges + with grant option.
closes #3354