I would like to configure PhpMyAdmin to access only one database through one user.
I tried before to restrict access via .htaccess using this answer from 2013 but it did not work:
phpMyAdmin Block Access to Single Database
I hence tried by adding deny,allow rules as stated in this answer:
How do I restrict access to specific database user accounts in phpMyAdmin?
But it did not work too. I continue to access all users. I have read the documentation and rewrote the lines in config.inc.php as
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'deny user1 from all',
'deny user2 from all',
'allow user3 from all',
);
where user1 and user2 are users to deny, and user2 is user to allow. But I can still access with all users. I hence tried only
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
that should block access to all users, but I can still access with all users. I hence believe that /etc/phpmyadmin/config.inc.php is being overwritten in some way, since no change has effect, but I do not understand how.
Any idea on where to check?
Looks like you are allowing access to all users and then again you are trying to restrict some of the users, seems bit confusing.
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
The correct pattern should be deny access to all users and then provide explicit access to the specific user
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
Please refer the official document
https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_AllowDeny_order
The correct configuration should be something like this
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
$cfg['Servers'][$i]['AllowDeny']['rules'] = [
'allow user3 from all'
];
hope it works for you!
Related
I want to give access to users who have attribute with certain value.
Let's say I have "ou=protected,dc=example,dc=com" directory and I want it to be writable by any user with canAccessProtected attribute set to TRUE.
Something like
access to dn.subtree="ou=protected,dc=example,dc=com"
by users/canAccessProtected="TRUE" write
I've checked documentation and was unable to find a way, although I haven't grasped sets and few other things.
Is it possible to manage user access by attribute value? If yes, then how?
Create a dynamic group like:
dn:cn=protectedGroup,ou=groups,dc=example,dc=com
objectClass:top
objectClass:groupOfURLs
cn:protectedGroup
memberURL: ldap:///ou=users,dc=example,dc=com??sub?(canAccessProtected=TRUE)
Enable dynlist in your slapd.conf like:
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
Grant write access to the members of that group:
access to dn.subtree="ou=protected,dc=example,dc=com"
by set="[cn=protectedGroup,ou=groups,dc=example,dc=com]/member & user" write
Add necessary ACL rules as you see fit.
I am trying to restrict edit functionality for the group 'test' but unable to do so. Below are the changes I made so far:
$wgGroupPermissions['test']['read'] = true;
$wgGroupPermissions['test']['edit'] = false;
The problem is, that you create a new group and you want to revoke a permission for this group. $wgGroupPermissions isn't made to revoke permissions. Permissions granted via $wgGroupPermissions are cumulative, which means, that the permissions of all groups a user belongs to, reflects the permissions, the user has. If you set the edit permission of a group to false, and another group (e.g. user) has the edit permissions (set to true), the user (who belongs to both groups) will have the permission to edit. That's (maybe) a bit better explained on the Manual page (see the link above).
To achieve what you want, you need to:
Remove any other group with the edit permission from the user (that's not a good idea, if you have any other groups with special rights you get a really confusing and complex construct of permission management)
Use $wgRevokePermissions instead, see the example about how to revoke the edit permission for a group
Example to achieve what you want:
// inherit all rights from the user group
$wgGroupPermissions['test'] = $wgGroupPermissions['user'];
// revoke the edit permission for users in the group test
$wgRevokePermissions['test']['edit'] = true;
I hope that helps!
In MediaWiki, all users (including anonymous visitors) automatically belong to the group *, and all registered users (i.e. not anons) belong to the group user. By default, both of these automatic groups have the edit permission set to true, so every user can automatically edit pages.
To restrict editing to only certain users, you first need to remove those automatic edit rights by adding the following lines to your LocalSettings.php:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
Now only users in groups that have the edit permission set to true can edit pages. There are no such groups by default, so to let anyone edit anything on your wiki, you'll have to add a few more lines to LocalSettings.php. For example, here's how to let admins (i.e. users in the group sysop) edit pages:
$wgGroupPermissions['sysop']['edit'] = true;
Alternatively, as already noted by Florian, you could use $wgRevokePermissions to remove editing rights from certain users. For example, here's how to allow all registered users, except those in the group blocked, to edit:
$wgGroupPermissions['*']['edit'] = false; // anons can't edit
$wgGroupPermissions['user']['edit'] = true; // normal users can edit
$wgRevokePermissions['blocked']['edit'] = true; // "blocked" users cannot
(Of course, the built-in user blocking feature in MediaWiki accomplishes this much better.)
Another option, if you wish to restrict editing only in certain namespaces, would be to use $wgNamespaceProtection, which lets you define a custom user right needed to edit pages in certain namespaces. For example, to allow only users in the custom group editor to edit pages in the main namespace, you could use:
$wgNamespaceProtection[NS_MAIN] = array( 'edit-main' );
$wgGroupPermissions['editor']['edit-main'] = true;
With access sysop and database access how do I change the Email address associated with a user?
The user table in the database has everything encoded as BLOBs. If I can decode and encode those values presumably I can just update user.user_email.
UPDATE user SET user_email='foo#bar.com' WHERE user_id=... should just work. However, if you need to also set the confirmed flag, see instructions here (replace the mwscript line with php maintenance/eval.php). If you need to set their email only so that they could reset their password, see https://www.mediawiki.org/wiki/Manual:Resetting_passwords
You can get a current list of users and emails like this (i.e. decode):
SELECT Cast(user_name AS CHAR), Cast(User_Email AS CHAR) FROM user;
MaxSem's answer did not work for me, but here is a MediaWiki maintenance script (introduced in v1.27) that'll do the trick: https://www.mediawiki.org/wiki/Manual:ResetUserEmail.php
Go to the base directory of your wiki, and type something like this:
php maintenance/resetUserEmail.php uuuu new#email.address
to change user uuuu's email address to new#email.address. By default, this will change the user's password so that the user has to reset it, which can usually be done on the wiki website. You might need to add user name and password for database access, e.g.:
php maintenance/resetUserEmail.php --dbuser myuser --dbpass wordpass uuuu new#email.address
In skins/Vector.php I can hide toolbox from logged out user
by adding
global $wgUser;
then
case 'TOOLBOX':
if ( $wgUser->isLoggedIn() ) {
$this->renderPortal( 'tb', $this->getToolbox(), 'toolbox', 'SkinTemplateToolboxEnd' );
}
but User::isSysop() and similar are deprecated. It is recommended to use $user->isAllowed instead to specify a right, but how do I use this to specify the admin and bureaucrat group? Should I use some other function?
MediaWiki 1.22.2
PHP 5.3.6-13ubuntu3.10 (apache2handler)
MySQL 5.1.69-0ubuntu0.11.10.1-log
User::isAllowed() asks for a permission to do something, not for a user group (which leaves it up to the wiki admin to assign different rights to different user groups). In your case, you would want a new user permission, “see-toolbar”,or something like that, that you assign to e.g. the sysop user group in LocalSettings.php:
$wgGroupPermissions['sysop']['see-toolbar'] = true;
Your extension will also have to add the right to the list of available rights: $wgAvailableRights[] = 'see-toolbar';
Finally, you will ask for the permission like this:
if ( $user->isAllowed('see-toolbar') ) {
print toolbar here
}
More info on how to set user rights: https://www.mediawiki.org/wiki/Manual:User_rightser
Other extensions adding user rights: https://www.mediawiki.org/wiki/Category:Extensions_which_add_rights
Be aware that any user will still be able to bypass this restriction in a number of ways, e.g. by switching skin in their settings (or by appending ?useskin=skinname in the url). You probably want to make sure that sidebar caching is switched off too (it is off by default).
I need help to quickly add about >100 username and password to a locally installed Wordpress.
I have a list of usernames in text file, and I'd let each password to be equal to username (or someother function if equal is not allowed by Wordpress).
Is there a way I can programmatically add users to Wordpress? I have access to wordpress database if that helps.
Thanks.
If you don't want to use a plugin and you have your users and passwords stored in an array, simply throw it into a loop and use the 'wp_create_user' function. It takes 3 parameters (username, password and email). It will return the ID if successful and false if not.
http://codex.wordpress.org/Function_Reference/wp_create_user
Check out this plugin, it will let you import users from a csv which is basically what you're looking to do:
http://www.dagondesign.com/articles/import-users-plugin-for-wordpress/