Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changing passwords in docker-compose.yml not working -- security threat #7

Closed
ionics opened this issue Oct 8, 2020 · 3 comments
Closed

changing passwords in docker-compose.yml not working -- security threat #7

ionics opened this issue Oct 8, 2020 · 3 comments

Comments

@ionics
Copy link

ionics commented Oct 8, 2020

Hi folks,

it is not possible to change the following username and/or passwords in docker-compose.yml for
image: passwordcockpit/passwordcockpit:1.2.2-php-7.3-apache

Changing one of the following will result in connection errors:

  •         PASSWORDCOCKPIT_DATABASE_USERNAME: passwordcockpit_db_usr

  •         PASSWORDCOCKPIT_DATABASE_PASSWORD: password
    • MYSQL_ROOT_PASSWORD=root_password
  •         - MYSQL_USER=passwordcockpit_db_usr

  •         - MYSQL_PASSWORD=password

Suggestion:
If they are not intended to get changed by Sys-Admin, than there should be a comment or variables should be removed (or commented) from docker-compose.yml and some info in documentation is appreciated.

Thank you and kind regards!
Raphael
@bu3tt1
Copy link
Contributor

bu3tt1 commented Oct 15, 2020

Hello,

The mysql service variables are used during the creation of the container, it means that if the container has been created it is not possible to change mysql passwords (see https://hub.docker.com/_/mysql: "...Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup.".

Passwordcokpit on the other hand must have configured PASSWORDCOCKPIT_DATABASE_USERNAME and PASSWORDCOCKPIT_DATABASE_PASSWORD that are configured in the mysql container.

I suggest you try, if mysql doesn't contain any data you can't delete, to destroy the mysql container and configure username and passwords before docker-compose up?

If you cannot destroy mysql container, you can enter in the mysql container and change password and then reconfigure PASSWORDCOCKPIT_DATABASE_USERNAME and PASSWORDCOCKPIT_DATABASE_PASSWORD.

@ionics
Copy link
Author

ionics commented Oct 18, 2020
edited
Loading

Hello @bu3tt1 and thanks for your response.

INFO:
The thing is:

  • we did set ALL variables in docker-compose.yml BEFORE container-startup-command: docker-compose up -d.

So i still think there is a BUG in the setup process of the containers right?

QUESTION:
Changing DB credentials manually after container setup... we try right now.
Where are the credentials stored on the password cockpit side? This path => /var/www/html/config/autoload/db.local.php

<?php
return [
    'dbadapter' => [
        'username' => 'passwordcockpit_db_usr',
        'password' => 'password',
        'hostname' => 'mysql',
        'database' => 'passwordcockpit'
    ]
];

Is this the only path where one needs to adjust credentials username and password for DB connection?

Kind regards,
Raphael

@bu3tt1
Copy link
Contributor

bu3tt1 commented Dec 16, 2020

Yes the path /var/www/html/config/autoload/db.local.php it's correct

@bu3tt1 bu3tt1 closed this as completed Dec 16, 2020
@bu3tt1 bu3tt1 added invalid This doesn't seem right and removed invalid This doesn't seem right labels Mar 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ionics @bu3tt1