Database administration tool for non-admin users, rewrite of https://git.pvv.ntnu.no/Projects/mysql-admutils
Go to file
Oystein Kristoffer Tveit eddc0ad5e9 Fix issue where groupless users own all users/dbs 2024-08-04 17:51:49 +02:00
src Fix issue where groupless users own all users/dbs 2024-08-04 17:51:49 +02:00
.gitignore .gitignore: add nix ignores 2024-08-04 14:30:35 +02:00
Cargo.lock Remove randomly generated example, run clippy. Fixes #6 2024-07-12 21:59:44 +02:00
Cargo.toml Remove randomly generated example, run clippy. Fixes #6 2024-07-12 21:59:44 +02:00
LICENSE Initial commit 2024-04-20 03:38:29 +02:00
README.md Simplify docker networking and clarify the README, fixes #8 2024-07-12 21:27:35 +02:00
example-config.toml make database connection timeout configurable 2024-07-09 21:36:12 +02:00
flake.lock flake.nix: replace fenix with rust-overlay 2024-07-10 17:08:53 +02:00
flake.nix flake.nix: replace fenix with rust-overlay 2024-07-10 17:08:53 +02:00

README.md

mysqladm-rs

Work in progress rewrite of https://git.pvv.ntnu.no/Projects/mysql-admutils

Installation

The resulting binary will probably need to be marked as either SUID or SGID to work in a multi-user environment. The UID/GID of the binary should have access to the config file, which contains secrets to log in to an admin-like MySQL user. Preferrably, this UID/GID should not be root, in order to minimize the potential damage that can be done in case of security vulnerabilities in the program.

Development and testing

Ensure you have a rust toolchain installed.

In order to set up a test instance of mariadb in a docker container, run the following command:

docker run --rm --name mariadb -e MYSQL_ROOT_PASSWORD=secret -p 3306:3306 -d mariadb:latest

This will start a mariadb instance with the root password secret, and expose the port 3306 on the host machine.

Run the following command to create a configuration file with the default settings:

cp ./example-config.toml ./config.toml

If you used the docker command above, you can use these settings as is, but if you are running mariadb/mysql on another host, port or with another password, adjust the corresponding fields in config.toml. This file will contain your database password, but is ignored by git, so it will not be committed to the repository.

You should now be able to connect to the mariadb instance, after building the program and using arguments to specify the config file.

cargo run -- --config-file ./config.toml <args>

# example usage
cargo run -- --config-file ./config.toml create-db "${USER}_testdb"
cargo run -- --config-file ./config.toml create-user "${USER}_testuser"
cargo run -- --config-file ./config.toml edit-db-perm -p "${USER}_testdb:${USER}_testuser:A"
cargo run -- --config-file ./config.toml show-db-perm

To stop and remove the container, run the following command:

docker stop mariadb