[MXS-2368] maxctrl requires password on command line and cannot change user password Created: 2019-03-06  Updated: 2021-11-30  Resolved: 2019-03-13

Status: Closed
Project: MariaDB MaxScale
Component/s: maxctrl
Affects Version/s: 2.3.4
Fix Version/s: 2.2.20, 2.3.5

Type: Bug Priority: Major
Reporter: Richard Lane Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None
Environment:

centos-7

Issue Links:
Relates
relates to MXS-3896 When reading password from stdin via ... Closed
relates to MXS-2381 Admin user passwords cannot be changed Closed

 Description   

Two issues with maxctrl:

1. maxctrl requires the maxadmin user password to be provided on command line (--password). A simple more secure solution would be to allow the password to be provided via an environment variable, but that is not totally secure since it is visible in /proc. Best solution would be to allow it to be passed via stdin, but that is currently not supported via tools (ie., not a TTY).

2. maxctrl does not have an interface (eg., maxctrl alter user) to allow changing the password of an existing user. The user must be destroyed and re-created with new password.



 Comments   
Comment by markus makela [ 2019-03-07 ]

Seems like a limitation of the input processing library.

[markusjm@monolith build-develop]$ echo "hello"|bin/maxctrl -p  -- list servers
 
Enter password: /bin/sh: /snapshot/maxctrl/node_modules/readline-sync/lib/read.sh: No such file or directory
 
{ Error: The current environment doesn't support interactive reading from TTY.
 
/bin/sh: /snapshot/maxctrl/node_modules/readline-sync/lib/read.sh: No such file or directory
 
    at readlineExt (/snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:212:19)
 
    at tryExt (/snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:249:15)
 
    at /snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:383:20
 
    at _readlineSync (/snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:422:5)
 
    at getValidLine (/snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:752:11)
 
    at Object.exports.question (/snapshot/maxctrl/node_modules/readline-sync/lib/readline-sync.js:834:10)
 
    at module.exports.maxctrl (/snapshot/maxctrl/lib/common.js:0)
 
    at Object.handler (/snapshot/maxctrl/lib/list.js:0)
 
    at Object.module.exports.self.runCommand (/snapshot/maxctrl/node_modules/yargs/lib/command.js:233:22)
 
    at Object.__dirname.Yargs.self._parseArgs (/snapshot/maxctrl/node_modules/yargs/yargs.js:990:30)
 
  method: 'execFileSync',
 
  program: '/bin/sh',
 
  args: 
   [ '/snapshot/maxctrl/node_modules/readline-sync/lib/read.sh',
 
     '--hideEchoBack',
 
     '--mask',
 
     '#42;' ],
 
  extMessage: '/bin/sh: /snapshot/maxctrl/node_modules/readline-sync/lib/read.sh: No such file or directory',
 
  exitCode: 127,
 
  code: undefined,
 
  signal: null }

Comment by markus makela [ 2019-03-13 ]

Fixed the reading of passwords from non-tty inputs. Created a separate issue (MXS-2381) for the lack of password change functionality

Generated at Thu Feb 08 04:13:37 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.