Bug#677844: icinga-web: postinst fails to set root passwd - MYSQL_PWD env var not working

June 17th, 2012 - 04:30 am ET by Thomas Debost | Report spam

Package: icinga-web
Version: 1.7.0-2
Severity: important

Dear Maintainer,

icinga-web fails to install on my server.

After investigation, it appeared that the command that fails is the following:

echo "UPDATE nsm_user SET user_password='""$pwhash_e""', user_salt = '""$salt_e""' WHERE user_name = 'root';" \
| mysql -h "${dbc_dbhost:=localhost}" -u "$dbc_dbuser" "$dbc_dbname"

The password previously stored in $MYSQL_PWD is not working.

Install was successful after a quick change to postinst to the following.

echo "UPDATE nsm_user SET user_password='""$pwhash_e""', user_salt = '""$salt_e""' WHERE user_name = 'root';" \
| mysql -h "${dbc_dbhost:=localhost}" -u "$dbc_dbuser" -p$dbc_dbpass "$dbc_dbname"

I hope this helps

Tom

Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages icinga-web depends on:
ii dbconfig-common 1.8.47+nmu1
ii debconf [debconf-2.0] 1.5.43
ii icinga-core 1.7.0-3
ii icinga-idoutils 1.7.0-3
ii php5 5.4.4~rc2-1
ii php5-cli 5.4.4~rc2-1
ii php5-gd 5.4.4~rc2-1
ii php5-mysql 5.4.4~rc2-1
ii php5-xsl 5.4.4~rc2-1
ii ucf 3.0025+nmu3

Versions of packages icinga-web recommends:
ii apache2 2.2.22-6
ii apache2-mpm-prefork [httpd] 2.2.22-6
ii lighttpd [httpd] 1.4.31-1
ii mysql-client-5.5 [mysql-client] 5.5.24+dfsg-3

icinga-web suggests no packages.

* icinga-web/install-error: ignore
icinga-web/missing-db-package-error: abort
icinga-web/upgrade-error: abort
* icinga-web/db/dbname: local_icingaweb
icinga-web/dbconfig-reinstall: false
icinga-web/pgsql/method: unix socket
icinga-web/remote/port:
* icinga-web/mysql/method: unix socket
* icinga-web/mysql/admin-user: root
icinga-web/pgsql/manualconf:
* icinga-web/httpd: apache2
icinga-web/internal/reconfiguring: false
icinga-web/pgsql/admin-user: postgres
* icinga-web/database-type: mysql
icinga-web/remote/host:
icinga-web/pgsql/changeconf: false
icinga-web/dbconfig-upgrade: true
icinga-web/db/basepath:
icinga-web/remote/newhost:
icinga-web/upgrade-backup: true
icinga-web/remove-error: abort
icinga-web/internal/skip-preseed: false
icinga-web/purge: false
icinga-web/pgsql/authmethod-user: password
* icinga-web/db/app-user: icingaweb
icinga-web/pgsql/no-empty-passwords:
* icinga-web/rootpassword-mismatch:
icinga-web/dbconfig-remove:
* icinga-web/dbconfig-install: true
icinga-web/pgsql/authmethod-admin: ident
icinga-web/passwords-do-not-match:

To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Follow the discussion Replies

3 replies

Make a reply

Replies

#1 Markus Frosch

June 17th, 2012 - 08:20 am ET | Report spam

tags 677844 unreproducible moreinfo
thanks

Hello Tom,
thanks for your report.

The password previously stored in $MYSQL_PWD is not working.

I'm afraid I can't confirm the problem with my sid VM, MySQL is the same
version as yours.

Is it possible to share the output of the postinst script, what exactly is
the error?

Do you have any mysql connection info defined via .my.cnf or the global
my.cnf?

Are there any special chars in your password that might cause the problem?

echo "UPDATE nsm_user SET user_password='""$pwhash_e""', user_salt > '""$salt_e""' WHERE user_name = 'root';" \

| mysql -h "${dbc_dbhost:=localhost}" -u "$dbc_dbuser"
-p$dbc_dbpass "$dbc_dbname"

I'd not like to use this due to the root password will be visible via ps or
the /proc filesystem...

Please see
http://dev.mysql.com/doc/refman/5.5...-user.html

Best Regards
Markus Frosch

Markus Frosch

http://www.lazyfrosch.de

<div>tags 677844 unreproducible moreinfo</div><div>thanks</div><div><br></div>Hello Tom,<div>thanks for your report.</div><div><br><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

The password previously stored in $MYSQL_PWD is not working.<br></blockquote><div><br></div><div>I'm afraid I can't confirm the problem with my sid VM, MySQL is the same version as yours.</div><div><br></div><div>

Is it possible to share the output of the postinst script, what exactly is the error?</div><div><br></div><div>Do you have any mysql connection info defined via .my.cnf or the global my.cnf?</div><div><br></div><div>Are there any special chars in your password that might cause the problem?</div>

<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> echo "UPDATE nsm_user SET user_password='""$pwhash_e""', user_salt = '""$salt_e""' WHERE user_name = 'root';" \<br>

| mysql -h "${dbc_dbhost:=localhost}" -u "$dbc_dbuser" -p$dbc_dbpass "$dbc_dbname"<br></blockquote><div><br></div><div>I'd not like to use this due to the root password will be visible via ps or the /proc filesystem...</div>

<div><br></div><div>Please see <a href="http://dev.mysql.com/doc/refman/5.5...html" target="_blank">http://dev.mysql.com/doc/refman/5.5...lt;div>
Best Regards</div>
<div>Markus Frosch</div></div><div><br></div>-- <br>Markus Frosch<br><a href="mailto:" target="_blank"></a><br><a href="http://www.lazyfrosch.de" target="_blank">http://www.lazyfrosch.de</a><br>

</div></div>

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Reply to this message

#2 tomdeb

June 18th, 2012 - 07:30 am ET | Report spam

Hello Markus,

Thanks for your quick reply.

Here is the output of the postinst script:
==Creating config file /etc/icinga-web/conf.d/database-ido.xml with new version
database config successful: /etc/icinga-web/conf.d/database-ido.xml
ERROR 1045 (28000): Access denied for user 'icinga_web'@'localhost'
(using password: YES)
dpkg: error processing icinga-web (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
icinga-web
E: Sub-process /usr/bin/dpkg returned an error code (1)
==
Following your reply, I did some more testing and the cause is
definitely my .my.cnf.
I can reproduce the error when install as my user (who has a .my.cnf) with sudo.
The issue does not occur when .my.cnf is removed.

I had a look at
http://dev.mysql.com/doc/refman/5.5...-user.html and
even though using the -p parameter is not advised, the use of
MYSQL_PWD is not recommended either.

Regards,

Thomas Debost

On 17 June 2012 13:09, Markus Frosch wrote:

tags 677844 unreproducible moreinfo
thanks

Hello Tom,
thanks for your report.

The password previously stored in $MYSQL_PWD is not working.

I'm afraid I can't confirm the problem with my sid VM, MySQL is the same
version as yours.

Is it possible to share the output of the postinst script, what exactly is
the error?

Do you have any mysql connection info defined via .my.cnf or the global
my.cnf?

Are there any special chars in your password that might cause the problem?

echo "UPDATE nsm_user SET user_password='""$pwhash_e""', user_salt
= '""$salt_e""' WHERE user_name = 'root';" \
| mysql -h "${dbc_dbhost:=localhost}" -u "$dbc_dbuser"
-p$dbc_dbpass "$dbc_dbname"

I'd not like to use this due to the root password will be visible via ps or
the /proc filesystem...

Please
see http://dev.mysql.com/doc/refman/5.5...-user.html

Best Regards
Markus Frosch

Markus Frosch

http://www.lazyfrosch.de

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Reply to this message

#3 Markus Frosch

June 19th, 2012 - 02:40 am ET | Report spam

tags 677844 - unreproducible moreinfo
tags 677844 + fixed pending
thanks

Hello Tom,

Following your reply, I did some more testing and the cause is
definitely my .my.cnf.
I can reproduce the error when install as my user (who has a .my.cnf) with sudo.
The issue does not occur when .my.cnf is removed.

Thanks, I've fixed that by using an empty defaults file so any
/root/.my.cnf will be ignored.

The bug will be fixed in the next upload of 1.7.1-1 to unstable.

I had a look at
http://dev.mysql.com/doc/refman/5.5...-user.html and
even though using the -p parameter is not advised, the use of
MYSQL_PWD is not recommended either.

Yes, thats right. The "problem" is that /proc/<processid>/environ might
be readable to other users.

But I don't think this will be a problem here, because on linux only
the process owner can read such a file - and root of course.

Please let me know if you have any additions.

Best Regards
Markus Frosch

Markus Frosch

http://www.lazyfrosch.de

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Follow the discussion Replies

Reply to this message

Create a new topic Replies

Make a reply

Make your own search

Bug#677844: icinga-web: postinst fails to set root passwd - MYSQL_PWD env var not working

Similar topics

Replies