From 7391e9331d5cd4341550c763b25b77774860063a Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Thu, 4 May 2017 03:25:15 -0700
Subject: [PATCH] get latest changes

---
 Mediawiki_Setup_Guide | 34 +++++++++++++++++++++-------------
 mw-setup-script       | 30 +++++++++++++++++++-----------
 2 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/Mediawiki_Setup_Guide b/Mediawiki_Setup_Guide
index 6acc243..d50aa7c 100644
--- a/Mediawiki_Setup_Guide
+++ b/Mediawiki_Setup_Guide
@@ -66,7 +66,7 @@ export mwdescription="REPLACE_ME" # eg. Opinionated Free Software Wiki
 export wikiuser="REPLACE_ME"
 export wikipass=REPLACE_ME
 
-# root password for the mysql database
+# root & user password for the mysql database
 export dbpass=REPLACE_ME
 
 export mwdomain=REPLACE_ME # domain name. for this site, it's ofswiki.org
@@ -264,18 +264,26 @@ else
 fi
 
 
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
-    # answer interactive prompts:
-    # mysql root pass, change pass? no, remove anon users? (default, yes)
-    # disallow remote root (default, yes), reload? (default, yes)
-    echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
-    # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+    # Note: we set a root password here, but in debian 9+, it is ignored;
+    # only the local user root can login, and a password is silently ignored.
+    # We answer these interactive prompts:
+    # Enter current password for root (enter for none):
+    # Set root password? [Y/n]
+    # New password:
+    # Re-enter new password:
+    # Remove anonymous users? [Y/n]
+    # Disallow root login remotely? [Y/n]
+    # Remove test database and access to it? [Y/n]
+    # Reload privilege tables now? [Y/n]
+    # Note, I had 1 less newline at the start when doing ubuntu 14.04,
     # compared to debian 8, so can't say this is especially portable.
-    # It won't hurt if it fails.
     echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
 fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
 </source>
 
 
@@ -321,12 +329,12 @@ cd ..
 # Drop any previous database which may have been installed while testing.
 # If upgrading, we should have a db backup which will get restored.
 # https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
 drop database my_wiki;
 exit
 EOF
 php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
-    --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+    --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
 teeu $mwc <<'EOF'
 # lock down the wiki to only the initial owner until anti-spam measures are put in place
 # limit edits to registered users
@@ -970,7 +978,7 @@ ssh $o root@$mwdomain <<EOF
 set -e
 chmod -R g+w $mw/images
 chgrp -R www-data $mw/images
-mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_backup
+mysql -uroot "-p$dbpass" my_wiki < /tmp/wiki_db_restore/wiki_db_backup
 php $mw/maintenance/update.php
 EOF
 </source>
diff --git a/mw-setup-script b/mw-setup-script
index acc327f..9c1fd86 100755
--- a/mw-setup-script
+++ b/mw-setup-script
@@ -126,18 +126,26 @@ else
 fi
 
 
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
-    # answer interactive prompts:
-    # mysql root pass, change pass? no, remove anon users? (default, yes)
-    # disallow remote root (default, yes), reload? (default, yes)
-    echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
-    # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+    # Note: we set a root password here, but in debian 9+, it is ignored;
+    # only the local user root can login, and a password is silently ignored.
+    # We answer these interactive prompts:
+    # Enter current password for root (enter for none):
+    # Set root password? [Y/n]
+    # New password:
+    # Re-enter new password:
+    # Remove anonymous users? [Y/n]
+    # Disallow root login remotely? [Y/n]
+    # Remove test database and access to it? [Y/n]
+    # Reload privilege tables now? [Y/n]
+    # Note, I had 1 less newline at the start when doing ubuntu 14.04,
     # compared to debian 8, so can't say this is especially portable.
-    # It won't hurt if it fails.
     echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
 fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
 # </source>
 # <source lang="bash">
 mkdir -p $mw
@@ -165,12 +173,12 @@ cd ..
 # Drop any previous database which may have been installed while testing.
 # If upgrading, we should have a db backup which will get restored.
 # https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
 drop database my_wiki;
 exit
 EOF
 php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
-    --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+    --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
 teeu $mwc <<'EOF'
 # lock down the wiki to only the initial owner until anti-spam measures are put in place
 # limit edits to registered users
-- 
2.30.2