I set up a friend’s account on my server last night. It was the first step towards providing my acquaintances with free, unrestricted web hosting. Slashdot tells me this is a bad idea.
It turned out that, despite having dabbled in MUD development and his own server, he didn’t know Unix commands (just err, “DOS”). I’ll refrain from comment because said friend knows I write here, but I was surprised to find myself explaining the basics. Luckily, we were just installing wordpress, so his interaction with the command line was minimal and will probably be nill in the future.
I went through ls, ls -l, rm, rmdir (no rm -rf — too complicated to explain), permissions (but not directory permissions) mkdir, cd, pico, and relative paths. He got putty and WinSCP. (I like ttssh better but I thought the installation of the ssh piece was one extra step to an already overfull process.) I also showed him the wonder of wget and the despairs of case sensitivity.
Despite all that, mySQL actually provided the most troublesome step. I set him up with a strong mySQL password but still wanted him to change it himself. To my amazement, there is no way to do this in phpmyadmin. Apparently, you can do it in cpanel, but we don’t use that due to its poor updating system. The web would lead me to believe my only alternatives are the following:
- Change it as root (then I still know the pw, and I don’t want to.)
- Use sql to update the user table (only the user knows pw but he has access to user table and everyone else’s.)
- Use the mysql command to do it, but that requires the command line and isn’t appropriate for my friend described above.
- Delete the user and remake him with new pw. (I still know the password. As an aside, wth? That isn’t a valid suggestion. I’m looking at you)
It seems like a simple enough addition to phpmyadmin. Write a script that accepts the user’s current password, validate against the user table, then ask for the new pw, and run the sql to update it. I can, and probably will, add it myself, but why hasn’t it been added already? It makes me wonder if I am missing something, like the link clearly shown in this picture.
Granted, people don’t change their database passwords very often, if ever, but the option to give the user a gibberish pw generated by phpmyadmin seems to agree with the concept of ‘user changes it to something meaninful afterwards.’
I have a vague memory from cpanel that there was some manager like mysqllite that handled this sort of thing? but I can’t find it.