Paul, As far as I can see (using getent passwd | cut -d : -f 1 | xargs groups) > there is no problem with *system* security. Also, User "0" does not appear > in the MySql 'borrowers' table. So why is it possible to log in with the > "warned against" credentials? How should it be used during upgrades? >
Only the MySQL user (= user 0 ="Koha superuser") can run the webinstaller, if you did not run the upgrade script from the command line (packages take care of it for you, which is one of the reasons why we recommend them). You also must use the database user when an empty database is first created because there is no other superlibrarian user which can be used for administration until after you've created one using your database login. It also is possible to create a superlibrarian with User "koha" > credentials; limited testing in my sandbox has not [yet!] shown any side > effects, except that User "0" can no longer log in (demonstrated by the > fact that "Library" is set.) > Right. The problem with doing that is that if you need to access the web installer, or inadvertently delete all your superlibrarians, you can no longer access Koha using the database credentials, and are therefore stuck. Regards, Jared -- Jared Camins-Esakov Bibliographer, C & P Bibliography Services, LLC (phone) +1 (917) 727-3445 (e-mail) jcam...@cpbibliography.com (web) http://www.cpbibliography.com/
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/