openSUSE Phpmyadmin
Vahis
I have MySQL running and I can make databases, tables, users and so on
from the mysql console.
I'm having the following problems:
Here's the page that I've tried to follow, the official wiki
http://wiki.cihar.com/pma/Setup
At this point where it says: Next, open
http://localhost/phpmyadmin/scripts/setup.php in your browser.
There's no such directory. The setup.php script can be found in
/srv/www/htdocs/phpMyAdmin/libraries/dbg/setup.php
Browsing http://localhost/phpMyAdmin/libraries/dbg/setup.php
403:
You don't have permission to access the requested object. It is either
read-protected or not readable by the server.
Should I change that file's permissions? To what? World?
Or should it be copied somewhere else to be run?
Also then perhaps change its permissions?
Vahis
--
I'm remodeling my site to train new things:
http://waxborg.servepics.com
"The only thing more expensive than training is the lack of it"
Henry Ford
Nikos Chantziaras
> I installed Phpmyadmin in openSUSE 10.3.
>
> I have MySQL running and I can make databases, tables, users and so on
> from the mysql console.
>
> I'm having the following problems:
>
> Here's the page that I've tried to follow, the official wiki
> http://wiki.cihar.com/pma/Setup
>
> At this point where it says: Next, open
> http://localhost/phpmyadmin/scripts/setup.php in your browser.
>
> There's no such directory. The setup.php script can be found in
> /srv/www/htdocs/phpMyAdmin/libraries/dbg/setup.php
>
> Browsing http://localhost/phpMyAdmin/libraries/dbg/setup.php
>
> 403:
> You don't have permission to access the requested object. It is either
> read-protected or not readable by the server.
>
> Should I change that file's permissions? To what? World?
> Or should it be copied somewhere else to be run?
> Also then perhaps change its permissions?
phpMyAdmin is installed differently on openSUSE than the default when
you install from the official tar.gr. The configuration file should be
somewhere in /etc/ and you have to edit it by hand.
I recommend installing the latest official tar.gz instead of the
openSUSE packaged RPM.
Vahis
> Vahis wrote:
<snip>
>> Browsing http://localhost/phpMyAdmin/libraries/dbg/setup.php
>>
>> 403:
>> You don't have permission to access the requested object. It is either
>> read-protected or not readable by the server.
>>
>> Should I change that file's permissions? To what? World?
>> Or should it be copied somewhere else to be run?
>> Also then perhaps change its permissions?
>
> phpMyAdmin is installed differently on openSUSE than the default when
> you install from the official tar.gr. The configuration file should be
> somewhere in /etc/ and you have to edit it by hand.
So you are basically saying that the script does not work in Suse?
>
> I recommend installing the latest official tar.gz instead of the
> openSUSE packaged RPM.
Do you have a reason for that recommendation?
Is there something wrong in the "Suse way"
I've wondered this a lot of times before.
In Suse many files are in different places than original.
But since they seem to be different in every distro, so why not just
accept the Suse way? There's usually also "Ubuntu way" and "Name your
distro way" but I'd like to stick with openSUSE :)
I'm trying to keep my Suse installations "as Suse as possible".
This way I (think) I have the security pacthes coming from Suse as they
should.
I don't have much "self maintained" stuff on my boxes. But even the
small number of such programs tend to be unmaintained more or less.
This whole thing (openSUSE-MySQL-Php) seems to be an interesting and not
well documented area.
As much as I hear of security risks and possible vulnerabilities in Php
I'm a bit afraid of the whole thing here. But still I'd like to learn
new things :)
Vahis
Remodeling my site to train new things:
http://waxborg.servepics.com
--
houghi
> phpMyAdmin is installed differently on openSUSE than the default when
> you install from the official tar.gr. The configuration file should be
> somewhere in /etc/ and you have to edit it by hand.
Yes.
> I recommend installing the latest official tar.gz instead of the
> openSUSE packaged RPM.
No. That way you won't get security updates and it is abslutely not
needed. openSUSE always installs webstuff in /srv/www/htdocs so see if
it is there. If not, you run Vista.
/srv/www/htdocs should be your default http://localhost
As the subdirectory is phpMyAdmin, you should get there with
http://localhost/phpMyAdmin
Obviously your Apache is running. If not, you sort that out first.
What I have done is edited a virtual host (I believe you understand that
concept)
<VirtualHost *:80>
DocumentRoot "/media/hda2/srv/www/htdocs/phpMyAdmin"
ServerName php
<Directory "/media/hda2/srv/www/htdocs/phpMyAdmin/">
Allow from localhost
</Directory>
</VirtualHost>
That way I just type php instead of http://localhost/phpMyAdmin
So just go to http://localhost/phpMyAdmin
After that just follow http://houghi.org/wink/vahis_movie.htm
houghi
--
First we thought the PC was a calculator. Then we found out how to turn
numbers into letters with ASCII and we thought it was a typewriter. Then
we discovered graphics, and we thought it was television. With the World
Wide Web, we've realized it's a brochure. -- Douglas Adams.
Vahis
> Nikos Chantziaras wrote:
>> phpMyAdmin is installed differently on openSUSE than the default when
>> you install from the official tar.gr. The configuration file should be
>> somewhere in /etc/ and you have to edit it by hand.
>
> Yes.
>
>> I recommend installing the latest official tar.gz instead of the
>> openSUSE packaged RPM.
>
> No. That way you won't get security updates and it is abslutely not
> needed. openSUSE always installs webstuff in /srv/www/htdocs so see if
> it is there. If not, you run Vista.
>
> /srv/www/htdocs should be your default http://localhost
> As the subdirectory is phpMyAdmin, you should get there with
> http://localhost/phpMyAdmin
>
> Obviously your Apache is running. If not, you sort that out first.
It is. Since November 2005. These people found it in March 2006:
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwaxborg.servepics.com
>
> What I have done is edited a virtual host (I believe you understand that
> concept)
I do. I only have one host running though, I've got no virtual hosts.
><VirtualHost *:80>
> DocumentRoot "/media/hda2/srv/www/htdocs/phpMyAdmin"
> ServerName php
> <Directory "/media/hda2/srv/www/htdocs/phpMyAdmin/">
> Allow from localhost
> </Directory>
></VirtualHost>
>
> That way I just type php instead of http://localhost/phpMyAdmin
>
> So just go to http://localhost/phpMyAdmin
> After that just follow http://houghi.org/wink/vahis_movie.htm
Nice presentation. I've got exactly this impression of how this software
works. I used to use Access and NT years ago and it looked very similar.
Also the reports were pulled the same way. (Which is funny because NT is
no server OS and Access is no database)
The real thing gives me:
#1045 - Access denied for user 'root'@'localhost' (using password: NO)
Probably reason of this is that you did not create configuration file.
You might want to use _setup script_ to create one.
Give me a break. That's what I'm trying to do here.
Do we have a hen and egg problem here or what?
(We need the cli to get rid of cli)
Maybe I'll try to edit that in cli.
Vahis
--
"Let the children's laughter remind us how we used to be."
From "Greatest Love of All" by Michael Masser and Linda Creed.
houghi
> The real thing gives me:
> #1045 - Access denied for user 'root'@'localhost' (using password: NO)
> Probably reason of this is that you did not create configuration file.
> You might want to use _setup script_ to create one.
Well, have you created the user 'root' for the mysql database. Remember
that these are users of MySQL, not of Linux
> Give me a break. That's what I'm trying to do here.
> Do we have a hen and egg problem here or what?
> (We need the cli to get rid of cli)
Yes at this moment,. I thought you were able to make tables on the CLI,
so I asumed that you were able to connect to MySQL. Use THAT login and
password, not your regular ones.
> Maybe I'll try to edit that in cli.
Now you will understand bug
https://bugzilla.novell.com/show_bug.cgi?id=347149
Most likely your user will NOT be called root, but vahis.
Vahis
>> The real thing gives me:
>> #1045 - Access denied for user 'root'@'localhost' (using password: NO)
>> Probably reason of this is that you did not create configuration file.
>> You might want to use _setup script_ to create one.
>
> Well, have you created the user 'root' for the mysql database. Remember
> that these are users of MySQL, not of Linux
I can connect to MySQL via cli and do the stuff I said.
I can also connect via MySQL Administrator and whatever.
As root or as user(s) that I've created.
But not via browser/PhpMyAdmin
>
>> Give me a break. That's what I'm trying to do here.
>> Do we have a hen and egg problem here or what?
>> (We need the cli to get rid of cli)
>
> Yes at this moment,. I thought you were able to make tables on the CLI,
I am. It's the Phpadmin that does not let me do anything.
> so I asumed that you were able to connect to MySQL. Use THAT login and
> password, not your regular ones.
Where do I put the username and password when I try to connect via browser
http://localhost/phpMyAdmin/
>
>> Maybe I'll try to edit that in cli.
>
> Now you will understand bug
> https://bugzilla.novell.com/show_bug.cgi?id=347149
>
> Most likely your user will NOT be called root, but vahis.
I have root and other users.
They all can connect to MySQL but not via browser/phpMyAdmin.
If I run Firefox as me then who is the one that is connecting to My SQL at
that time?
Vahis
> I installed Phpmyadmin in openSUSE 10.3.
>
> I have MySQL running and I can make databases, tables, users and so on
> from the mysql console.
>
> I'm having the following problems:
>
> Here's the page that I've tried to follow, the official wiki
> http://wiki.cihar.com/pma/Setup
>
> At this point where it says: Next, open
> http://localhost/phpmyadmin/scripts/setup.php in your browser.
>
> There's no such directory. The setup.php script can be found in
> /srv/www/htdocs/phpMyAdmin/libraries/dbg/setup.php
>
> Browsing http://localhost/phpMyAdmin/libraries/dbg/setup.php
>
> 403:
> You don't have permission to access the requested object. It is either
> read-protected or not readable by the server.
>
> Should I change that file's permissions? To what? World?
> Or should it be copied somewhere else to be run?
> Also then perhaps change its permissions?
I was able to connect via browser/phpmyadmin.
I don't know if I did the right thing, so I'm doing these things on a
test server:
I took the file /srv/www/htdocs/phpMyAdmin/config.sample.inc.php
I added the root password here:
$cfg['blowfish_secret'] = 'sqlrootpasswordhere'; /* YOU MUST FILL IN THIS FOR
COOKIE AUTH! */
Then I saved that file as
/srv/www/htdocs/phpMyAdmin/config.inc.php
Now I'm in the business, I'm in anyway...
This feels like a very wrong way but I'm investigating.
Vahis
houghi
> On 2008-02-23, houghi <hou...@houghi.org.invalid> wrote:
>> Vahis wrote:
>>> The real thing gives me:
>>> #1045 - Access denied for user 'root'@'localhost' (using password: NO)
>>> Probably reason of this is that you did not create configuration file.
>>> You might want to use _setup script_ to create one.
>>
>> Well, have you created the user 'root' for the mysql database. Remember
>> that these are users of MySQL, not of Linux
>
> I can connect to MySQL via cli and do the stuff I said.
> I can also connect via MySQL Administrator and whatever.
>
> As root or as user(s) that I've created.
>
> But not via browser/PhpMyAdmin
OK. I have de-installed mysql and php and now see what is going on. As
root:
1) cd /srv/www/htdocs/phpMyAdmin
2) cp config.sample.inc.php config.inc.php
3) vi config.inc.php and edit the line:
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH!
Add anything you desire between the lines.
Now you should be able to log in with your MyQSL user.
Vahis
> Vahis wrote:
>> On 2008-02-23, houghi <hou...@houghi.org.invalid> wrote:
>>> Vahis wrote:
>>>> The real thing gives me:
>>>> #1045 - Access denied for user 'root'@'localhost' (using password: NO)
>>>> Probably reason of this is that you did not create configuration file.
>>>> You might want to use _setup script_ to create one.
>>>
>>> Well, have you created the user 'root' for the mysql database. Remember
>>> that these are users of MySQL, not of Linux
>>
>> I can connect to MySQL via cli and do the stuff I said.
>> I can also connect via MySQL Administrator and whatever.
>>
>> As root or as user(s) that I've created.
>>
>> But not via browser/PhpMyAdmin
>
> OK. I have de-installed mysql and php and now see what is going on. As
> root:
> 1) cd /srv/www/htdocs/phpMyAdmin
> 2) cp config.sample.inc.php config.inc.php
> 3) vi config.inc.php and edit the line:
> $cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH!
>
> Add anything you desire between the lines.
>
> Now you should be able to log in with your MyQSL user.
>
> houghi
This is funny. I just posted that I had found this out.
But is this the right method?
The password is there in text in a file on a web server. I don't like
this.
houghi
> I took the file /srv/www/htdocs/phpMyAdmin/config.sample.inc.php
> I added the root password here:
>
> $cfg['blowfish_secret'] = 'sqlrootpasswordhere'; /* YOU MUST FILL IN THIS FOR
> COOKIE AUTH! */
>
> Then I saved that file as
> /srv/www/htdocs/phpMyAdmin/config.inc.php
>
> Now I'm in the business, I'm in anyway...
>
> This feels like a very wrong way but I'm investigating.
The part that is wrong is the 'sqlrootpasswordhere'. What you need there
is some random data. Use something like this:
http://www.techzoom.net/security-password.asp
I have set it to e.g. 23 length amd also upper-case. I do not use
special chars as that might give errors.
You can type anything there as it will never be asked again.
On the left you will have the database mysql where you could add more
users. A 'user' is not so much a person as it is a login (and password)
to access the database. e.g. a php page will also be able to do this if
permision is given.
Yes, it can be a bit confusing. But just edit the
'sqlrootpasswordhere' with something like '9I33t74Q6Oa6i8Wh4SYbgba' or
'rS5509DX89SCv04qfSogkYUynY5' or 'the name of your goldfish'. That way
your password is not saved as plain text.
It is wise anyway to have a different username and password for MySQL
anyway. However that will become more clear when you start to implement
it in php. e.g. mysql_user_vahis instead of just vahis.
e.g. you will then have something like:
?php
$dbhost = 'localhost';
$dbuser = 'mysql_user_vahis';
$dbpass = 'sql_pasword_for_mysql_user_vahis';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
('Error connecting to mysql');
$dbname = 'vahis_movies';
mysql_select_db($dbname);
?>
If you edit /srv/www/htdocs/phpMyAdmin/config.inc.php in such a way that
you can log in automagicaly, the fact that it is a longer name is of no
importance anymore.
houghi
> This is funny. I just posted that I had found this out.
This is indeed funny.
> But is this the right method?
Almost
> The password is there in text in a file on a web server. I don't like
> this.
Use something random. See my other post to the one I mist.
Vahis
>> I took the file /srv/www/htdocs/phpMyAdmin/config.sample.inc.php
>> I added the root password here:
>>
>> $cfg['blowfish_secret'] = 'sqlrootpasswordhere'; /* YOU MUST FILL IN THIS FOR
>> COOKIE AUTH! */
>>
>> Then I saved that file as
>> /srv/www/htdocs/phpMyAdmin/config.inc.php
>>
>> Now I'm in the business, I'm in anyway...
>>
>> This feels like a very wrong way but I'm investigating.
>
> The part that is wrong is the 'sqlrootpasswordhere'. What you need there
> is some random data. Use something like this:
> http://www.techzoom.net/security-password.asp
My passwords are at least 15 characters for users and like over 22 for
root. I have written about this long ago:
http://waxborg.servepics.com/mobile/articles/ssh.html
You didn't think that was my password, did you?
But shouldn't it be a real one?
>
> I have set it to e.g. 23 length amd also upper-case. I do not use
> special chars as that might give errors.
See my link about how I generate passwords and remember them.
I have some passwords that describe certain people.
Since passwords need to have also capital letters and numbers I have
included their cup sizes like sometimes 36DD :)
>
> You can type anything there as it will never be asked again.
So that does not need to be a real password in any way?
>
> On the left you will have the database mysql where you could add more
> users. A 'user' is not so much a person as it is a login (and password)
> to access the database. e.g. a php page will also be able to do this if
> permision is given.
I have some test users now. The only real user is Amarok.
I have been able to configure it to use MySQL Works great :)
>
> Yes, it can be a bit confusing. But just edit the
> 'sqlrootpasswordhere' with something like '9I33t74Q6Oa6i8Wh4SYbgba' or
> 'rS5509DX89SCv04qfSogkYUynY5' or 'the name of your goldfish'. That way
> your password is not saved as plain text.
So this so called password there is no real password?
>
> It is wise anyway to have a different username and password for MySQL
> anyway. However that will become more clear when you start to implement
> it in php. e.g. mysql_user_vahis instead of just vahis.
>
> e.g. you will then have something like:
> ?php
> $dbhost = 'localhost';
> $dbuser = 'mysql_user_vahis';
> $dbpass = 'sql_pasword_for_mysql_user_vahis';
> $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
> ('Error connecting to mysql');
> $dbname = 'vahis_movies';
> mysql_select_db($dbname);
> ?>
>
> If you edit /srv/www/htdocs/phpMyAdmin/config.inc.php in such a way that
> you can log in automagicaly, the fact that it is a longer name is of no
> importance anymore.
>
I thought also that /srv/www/htdocs/phpMyAdmin/config.inc.php
permissions could be changed to readonly for root and forbidden to
others.
If somebody could then see it he'd be root already.
And the game would over anyway then.
Vahis
Remodeling my site to train new things:
http://waxborg.servepics.com
--
houghi
> You didn't think that was my password, did you?
> But shouldn't it be a real one?
No.
>> You can type anything there as it will never be asked again.
>
> So that does not need to be a real password in any way?
No.
> So this so called password there is no real password?
No.
>> If you edit /srv/www/htdocs/phpMyAdmin/config.inc.php in such a way that
>> you can log in automagicaly, the fact that it is a longer name is of no
>> importance anymore.
>>
>
> I thought also that /srv/www/htdocs/phpMyAdmin/config.inc.php
> permissions could be changed to readonly for root and forbidden to
> others.
> If somebody could then see it he'd be root already.
> And the game would over anyway then.
Well, that you can do, but it isn't any password anyway.
Nikos Chantziaras
> On 2008-02-23, Nikos Chantziaras <rea...@arcor.de> wrote:
>> phpMyAdmin is installed differently on openSUSE than the default when
>> you install from the official tar.gr. The configuration file should be
>> somewhere in /etc/ and you have to edit it by hand.
>
> So you are basically saying that the script does not work in Suse?
It's not even there. That script is used during initial installation of
phpMA.
>> I recommend installing the latest official tar.gz instead of the
>> openSUSE packaged RPM.
>
> Do you have a reason for that recommendation?
> Is there something wrong in the "Suse way"
The reason is the setup script and the easy setup it provides. You can
do it manually by hand instead of per GUI too, of course. In that case,
the openSUSE RPM is just fine. But since you asked, I assumed you're
not familiar with the manual setup, that's why I recommended the
upstream tar.gz. If you decide to use the RPM, note that set-up
documentation of phpMA does not apply anymore because there's no initial
set-up script.
Nikos Chantziaras
> I don't know if I did the right thing, so I'm doing these things on a
> test server:
>
> I took the file /srv/www/htdocs/phpMyAdmin/config.sample.inc.php
> I added the root password here:
>
> $cfg['blowfish_secret'] = 'sqlrootpasswordhere'; /* YOU MUST FILL IN THIS FOR
> COOKIE AUTH! */
>
> Then I saved that file as
> /srv/www/htdocs/phpMyAdmin/config.inc.php
>
> Now I'm in the business, I'm in anyway...
Uhm, an existing configuration file should be in /etc/phpMyAdmin I
think? You should just edit the one there and don't touch anything
inside /srv/www/htdocs/phpMyAdmin.
"$cfg['blowfish_secret']" is not a password. It just needs some random
characters, anything. It's not something you'll need to remember.
Also, it's only used when you enable cookie based authentication.
Again, the set-up script (which has been deleted in the openSUSE RPM)
explains all this with direct links to the appropriate sections on the
documentation and pop-up helpers.