Posted by: hjj
Posted on: 2006-11-13 12:27:00
Within my Dreamhost account I host several domains. Each domain has it's own user (with it's own WebId). Some users have a (or more) database(s). If I grant a user access to his or her database (via Billing-->Privileges) that user can not only access his or her own databases but can also delete databases of other users. Which in my opinion can pose a problem. Does anybody know how I can resolve this problem?
Posted by: rlparker
Posted on: 2006-11-13 12:38:00
You must be seeing a different version of the panel than I am seeing, because my panel lets you specify, via check boxes, *which* databases a user can access.
Granted, one of the "checkboxes" is labeled "All current and future databases", which, if checked would let them "not only access his or her own databases but also delete databases of other users" but you have to have this checked for that to be an exposure.
Just *don't* check that box; only check the box for the database(es) you want them to be able to control.
--rlparker
Posted by: hjj
Posted on: 2006-11-13 12:54:00
My panel has the same checkboxes. I have only checked the boxes corresponding to the databases of that user. "All current and future databases" is unchecked. If the user logs into his panel and goes to Manage MySQL there is a list of databases he owns ("Database(s) on this server:") But there is also a list "Hostname(s) for this MySQL server:" which lists all the databases on the server (i.e. also the databases of other users) Within this last list the user can delete any database he wants. And I don't really like that.
Posted by: kchrist
Posted on: 2006-11-13 14:09:00
Did you actually verify that this user can delete databases that it should be able to? If so, report it as a bug.
I ask because sometimes less privileged users are shown options in the panel that don't actually work, although there's no indication that they don't until they try to do it. It's been a while, but I seem to recall logging in as a less privileged user and being surprised that I could add domains outside of the one I had given this user access to. So I tried it and got an error message only after attempting to add a new one.
Posted by: hjj
Posted on: 2006-11-13 14:15:00
I thought that too. But I tried and unfortunately the user can indeed delete any database he wants. I will report it as a bug. I thought maybe I missed something. But probably I didn't.
Posted by: rlparker
Posted on: 2006-11-13 14:31:00
Aha! I see what you are saying, to a certain degree, in that they are shown the *hosts* (not the databases, at least on mine). I went on to do some further experimenting:
Under the hosts section, they can enter the host (via phpMyAdmin link) with their user and password, but are only shown *their* databases (they cannot see databases assigned to other users). They *can* (using the "x" link) "delete" the host names used with other databases, but in my tests it has no effect on the availability of the host if it is defined as a host for another user. The connection still works, either programmatically or via phpMyAdmin, even though it no longer shows up on *either* user's panel screen as a host (which is weird!).
What is even "weirder", is that if you (as "master user") or the *other* user then go back using your or *the other user's* panel, and try to "re-add" the hostname, you/they are told it already exists. 
. DH is doing something behind the scenes (wildcard DNS?) with the hostnames that is not completely transparent from the panel screens.
As it is, I don't see any real exposure here, as users can only access the *databases* they "own", and their "deleting" of other hostnames appears to have no affect on the use of those hostnames for the databases that reference them - but I agree it *does not* look right that they can see the other host names.
This looks like a good candidate for a support ticket
.
--rlparker
Posted by: rlparker
Posted on: 2006-11-13 14:33:00
I was only able to delete hosts, and I could not even see any other databases than those authorized from the panel for the "sub-user", let alone delete them. Are you sure you are not confusing "hosts" with "databases"? Either way, I still think you have pointed out that it is "buggy" as the whole host name thing works very strangely (see my previous post)
--rlparker
Posted by: hjj
Posted on: 2006-11-13 14:45:00
You are absolutely right. The database has not been destroyed at all. Allthough the panel suggests otherwise. When the "other user" deletes a database the panel says that the database wil be destroyed completely. And I believed it. But it has not been changed in any way.
Thanks for your experimenting.
Posted by: rlparker
Posted on: 2006-11-13 15:14:00
Hey, no problem! Thank YOU for pointing out how strangely it is working 
.
I'm still trying to figure out how you got "user a" able to see databases owned by "user b". I can't get that to happen on my end; my "user a" can only see the "shared" hostname(s), not "user b"'s databases (which is *good*, but I can't understand why it is different than what you are seeing 
)
--rlparker
Posted by: hjj
Posted on: 2006-11-13 15:23:00
You are right. User a sees hostnames, not databases. It is my confusion. Because of the "delete" action. Which mentions destroying of databases.