Where in moodle 2.6.1 database (mysql) i can find info about user permissions ?
When user creates account he has permission (logged user), how to change via database that permission to student ?
Thanks for help , best regards
Oh the capabilities are complex.
I wouldn't change it via SQL - use the site admin instead to change permissions
http://docs.moodle.org/26/en/Override_permissions
Related
I'm hosting a Wordpress instance on a VPS with MariaDB. Everything seemed to work fine until now where I will try to log into my account but it says,
The username {name} is not registered on this site. If you are unsure of your username, try your email address instead.
I've never gotten this error before so I checked the MariaDB and the user is in the wp_users table. I even changed the password to make sure the password was correct. Any help is appreciated! and thank you in advance.
You can also create a new admin user from SSH access into your VPS.
For this:
Go to your website root directory.
Run the following command:
wp user create $username $emailaddress –role=$role
Be sure to replace the ($username and $emailaddress) example values with your own custom values and ($role) the role you would like the user to be configured with. When the command completes running, a password will be returned, as in the example output below:
exampl3#example.com [~/public_html]# wp user create exampl3
admin#example.com –role=administrator Success: Created user 2enter
code here Password: srWCdc3c*(&b
Refer to the table below, to determine what each role’s capabilities are. This will help you to choose which role to set as the user in the command above.
Role Description
Super Admin Can access all administration features (including site
network administration). Administrator => Can access all
administration features (within a single site). Editor => Can publish
and manage posts (including posts by other users). Author => Can
publish and manage their own posts. Contributor => Can write and
manage their own posts (but cannot publish). Subscriber => Can only
manage their profile.
After creating your account, try to log in again.
Hope this will fix your issue.
Regards
I need to work with a site where they don't remember the super admin password and user name. I can access to the database but with a no full access account.
If I have access to all the files in php my admin, can I get the password and the user name of the super admin?
This depends on how much access to the MySQL services on the server you can get. Try looking up "How to Reset MySQL Root password."
On top of what Tony Arnold said, you should be able to find the super admin pass within the MySQL database (of course depending on the database as stated above) this might help you:
https://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password%3F#Method_1:_configuration.php_file
I need to create a user in php myadmin.
Say user -> aaa and Password -> aaa123
Now I want this new user aa to access only one database out of the multiple database in the phppmyadmin.
Any suggestion is mst welcomed.
Create the user with only that database permission.
use the command:
grant all on db_name.* to 'username'#'localhost';
Thanks
You mean to say that a single database of your choice is displayed in phpmyadmin and not all the databases in the phpmyadmin , for several reasons.
Well , answer for this is Yes , you can do that.
You need to install phpmyadmin in your server settings account, click on server settings , and then "Add the list of severs to be allowed in that "list.
In my mysql server i have a database named "joomla". But http://localhost/joomla gives "Error displaying the error page: Application Instantiation Error". I want to check that whether i provide the correct user name and password in configuration.php file. For this i need to find out which user have permissions on joomla database. So how can i find out that?
Thanks
Login to the mysql server using an account that has adequate permissions and use show grants for <name> to get list of permitted DBs.
You won't be able to find the MySQL passwords this way though.
Say you created a blog application, and it's data is stored in a MySQL database. In your application configuration you set the data source name to myBlog user root password whatever
Now, when users start using your blog to access, post to, and comment on threads, etc... I am assuming they connect as root through the application myblog ...
So... users connect to the application myBlog who in turn connects to MySQL as user root , using password whatever --- it's not really the users that are connecting to MySQL, it's the application. Correct?
Is there not a security issue with this approach? Should I create a new username in MySQL for the application myBlog with specific privileges and leave root only for administering the database?
yes, the application connects to the db. you should create a new mysql user for your application, do something like
CREATE DATABASE myblog_env;
CREATE USER 'myblogenv-user'#'%' IDENTIFIED BY 'your pw';
GRANT ALL PRIVILEGES ON myblog_env.* TO 'myblogenv-user'#'%' WITH GRANT OPTION;
something like the above should do it. The 'env' part of the above is for if you want to create a new db for difference environments, like dev, stage, prod, whatever....
this way your application user has complete access to its db, but no other dbs in the mysql instance.
First of all, you should NEVER use the root account of a mysql database for anything else then admin work.
Second of all, in theory yes the user of your blog would be the "root" in your mysql database, but hopefully there is a lot of sanatizing and cleaning up in your blogs code before any queries are executed...anything else would be know as an "sql inject"
You are exactly right. This is called the principle of least privilege. You should give the application the minimum access rights that it needs to complete the job. This would not be root.
The short answer is: Yes.
Long answer:
Security: You should have a different user for your application than you do for yourself as the administator. That application user should only have read (and write if necessary) privileges on the specific database it needs to access. Also, it should not have privilege-granting privileges, nor drop table privileges, nor database creation/dropping privileges, nor anything else that is reserved for you.
Convenience: If you ever need to change your password, you don't want to have to change your application, and vice versa.