Cpanel MySQL Create/Drop database remotely
Using cpanel, I was able to create a FTP user with limited access to allow our technical support team to upload files to the server.
Now, I'm kind of stuck since they also need to be able run script to create and populate databases each time we want to create a new subdomain, but it seems that we can only create databases via the cpanel.
Is there a way to remotely create databases (and grant all the access rights owned by that user to the database)?
Note: I'm hosting my project on HostGator (https://www.hostgator.com/)
Note: You'll need to ask your host for an SSH access and a root access to the database to apply the following solution.
Note 2: Replace "gemhr" in the following tutorial by your own domain.
- Create two accounts (one used for the installation and one that will be assigned to the database and used in your server code, by example PHP).
- You will need to add the ip address in the whitelist (you need a static ip address to do so).
- Access SSH with putting and open MySQL. Then run the following queries.
Add full right the the database starting by "gemhr_" (use your domain name here) to the installer account:
GRANT ALL PRIVILEGES ON `gemhr\_%`.* TO 'gemhr_installer'@'modemcable134.79-70-69.static.videotron.ca';
Give the right to execute stored procedure on the table "mysql" to the installer account:
GRANT EXECUTE ON mysql.* TO 'gemhr_installer'@'modemcable134.79-70-69.static.videotron.ca';
The following stored procedure must be ran after creating or deleting a database. It will grant or revoke the access to the account used in PHPMyAdmin and to the support account use by the server code (like PHP).
Change the "gemhr" for your domain name and change the access rights of "gemhr_support" based on what you need it to do in your server code.
USE mysql;
DELIMITER //
CREATE DEFINER=`root`@`127.0.0.1` PROCEDURE `manageSubDomain`
(
sdName VARCHAR(50),
created BOOLEAN
)
BEGIN
DECLARE EXIT HANDLER FOR SQLEXCEPTION
BEGIN
ROLLBACK;
RESIGNAL;
END;
IF ((SELECT
CASE WHEN sdName REGEXP '^gemhr_[A-Za-z0-9_]+$'
THEN TRUE
ELSE FALSE END
) = TRUE AND
IFNULL(
(
SELECT `SCHEMA_NAME`
FROM `information_schema`.`SCHEMATA`
WHERE `SCHEMA_NAME` = (sdName COLLATE utf8_unicode_ci)
),
''
) <> ''
) THEN
SET sdName = INSERT(
sdName,
INSTR(sdName, '_'),
1,
'\_'
);
START TRANSACTION;
IF (created = true) THEN
SET @query = CONCAT(
'GRANT ALL PRIVILEGES ON `',
sdName, '`.* TO ''gemhr''@''localhost'''
);
ELSE
SET @query = CONCAT(
'REVOKE ALL PRIVILEGES ON `',
sdName, '`.* FROM ''gemhr''@''localhost'''
);
END IF;
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
IF (created = true) THEN
SET @query = CONCAT(
'GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `',
sdName,
'`.* TO ''gemhr_support''@''localhost'''
);
ELSE
SET @query = CONCAT(
'REVOKE ALL PRIVILEGES ON `',
sdName,
'`.* FROM ''gemhr_support''@''localhost'''
);
END IF;
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
SET @query = REPLACE(
@query,
'localhost',
'modemcable134.79-70-69.static.videotron.ca'
);
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
COMMIT;
SET @query = '';
ELSE
SIGNAL SQLSTATE '45000'
SET MESSAGE_TEXT = 'INVALID_SUBDOMAIN_NAME';
END IF;
END //
DELIMITER ;
To be on the safe side, you should also grant access to all your sub-domain database remotely and for localhost.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `gemhr\_%`.* TO 'gemhr_support'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `gemhr\_%`.* TO 'gemhr_support'@'modemcable134.79-70-69.static.videotron.ca';
- Create a cron job to refresh the database mapping (otherwise your database will be visible in the PHPMyAdmin, but not in Cpanel). The cron job didn't seem to work when executed by my cpanel user, so I created it directly in SSH.
Use this command to open the crontab editor:
crontab -e
Use this command to refresh the database mapping once per hour:
0 * * * * /usr/local/cpanel/scripts/rebuild_dbmap gemhr
CTRL + X to save.
Log in MySQL workbench with your installer to test that everything is alright:
CREATE DATABASE IF NOT EXISTS `gemhr_test123`; USE mysql; CALL `manageSubDomain`('gemhr_test123', true); -- CALL `manageSubDomain`('gemhr_test123', false); -- DROP DATABASE IF EXISTS `gemhr_test123`;
Here's the expected result (you might want to set your cron job every minute for testing to quickly see the result in cpanel):
From there, I suggest to create some coding to completely hide the SQL creation to your tech. team behind a nice web interface.
Use that coding if you ever want to revert the changes presented in this post:
REVOKE ALL PRIVILEGES ON `gemhr\_%`.* from 'gemhr_installer'@'modemcable134.79-70-69.static.videotron.ca';
REVOKE ALL PRIVILEGES ON `mysql`.* from 'gemhr_installer'@'modemcable134.79-70-69.static.videotron.ca';
REVOKE ALL PRIVILEGES ON `gemhr\_%`.* from 'gemhr_support'@'modemcable134.79-70-69.static.videotron.ca';
REVOKE ALL PRIVILEGES ON `gemhr\_%`.* from 'gemhr_support'@'localhost';
USE mysql;
DROP PROCEDURE IF EXISTS `manageSubDomain`;
- Will modifying the primary key type using ALTER in MySQL reset the auto-increment value to 0?
- Auto-increment is not resetting in MySQL
- Php update database if checkbox is not checked
- Retrieve 10 records from MySQL?
- how to use str_to_date (MySQL) to parse two-digit year correctly
- sum column value(s) if previous values has same value with current value from the same table in mysql
- JDBC connection without database definition
- Checking connection to MySQL (Java)
- WARN: Establishing SSL connection without server's identity verification is not recommended
- how to solve django.db.utils.NotSupportedError in django
- How to make an Inner Join in django?
- Can I order by a conditional combination of fields in MySQL?
- Select from 2 tables in the last 30 days, return 0 if null/not exist
- Can't connect to local MySQL server through socket '/var/mysql/mysql.sock' (38)
- Access denied for user 'root@localhost' (using password:NO)
- Watching a table for change in MySQL?
- table is specified twice both as a target for INSERT and as separate source of data
- Python Mysql, "commands out of sync; you can't run this command now"
- Does Laravel's "soft_delete" need index on MySQL?
- How do I access a field from the main query inside a sub query in mySQL?
- Not getting unpaid or partially paid records some can help me?
- Warning: The post-install step did not complete successfully when trying to install mysql using brew in Mac OS High Sierra
- MySQL Entity Attribute Value table structure proposal
- CodeIgniter SELECT query on table with JOIN and WHERE IN a subquery
- is there a MYSQL tables schema for storing raw material, intermediate and final products?
- MySQL: Total GROUP BY WITH ROLLUP curiosity
- Problem with pip install mariadb - mariadb_config not found
- nodejs mysql memory leak on large volume of high frequency queries
- `MODIFY COLUMN` vs `CHANGE COLUMN`
- Displaying BLOB image from Mysql database into dynamic div in html