用于更新跨多个版本的服务器上多个 Drupal 站点的管理员用户密码的 Bash 脚本
我有一台运行很多 Drupal 站点的服务器。其中一些较旧,运行 Drupal 5,而有些较新,运行 Drupal 6。我们也开始实施 Drupal 7。
我们的组织使用一个标准网站管理密码,我们仅在内部分发给员工以维护这些网站。这可能是也可能不是最好的安全实践,但这就是我们目前的做法。请假设这不会改变。
我们遇到的问题是,当我们有员工流动时,我们必须更改此密码并将更改应用到我们运行的每个站点,以确保员工无法破坏我们客户的任何站点。这对于解雇来说更为重要,但我们也将其作为辞职的最佳实践。
过去,我运行了一个基本的 PHP 脚本,该脚本在数据库服务器上使用 mysql_list_dbs 来迭代每个数据库并更改用户表的 pass 字段,其中名称 = admin。基本上:
while ($row = mysql_fetch_object(mysql_list_dbs($sql_connection))) {
mysql_query("UPDATE users SET pass=MD5('$newpassword') WHERE name='admin'", $row->Database);
}
这工作得很好,但有两个问题:
- 它很老套,而且我讨厌老套的东西。我宁愿使用“官方方式”做事
- Drupal 7 使用与 D5 和 D6 不同的哈希系统,因此这不适用于 Drupal 7 站点。现在,我必须在更新之前首先检查 pass 的现有值是否与旧密码的哈希值相匹配,这样我就不会意外破坏 Drupal 7 站点。与此同时,我还没有弄清楚如何在 Drupal 7 站点上实现这一点。
所以我正在寻找替代解决方案。我真的认为我需要使用一个 bash 脚本,该脚本要么从 httpd.conf 迭代虚拟主机,要么使用 find 或其他东西,以一种或另一种方式,cd 到安装平台的“sites”文件夹中的每个站点安装目录(我们有一个相当混乱的设置*)并运行 drush upwd admin --password=$newpassword
这将完全独立于平台,并允许 Drupal 定义密码更改时会发生什么。
我意识到 Aegir 实际上可能是一个很好的解决方案,但我们还没有准备好实施 Aegir,我正在寻找更多快速而肮脏的中间解决方案。我感谢您提出的任何意见。
*只是我们混乱的设置的一个示例:
/www
/cliena
/drupal-5.x
/sites
/clienta.com <-- contains settings.php for Client A
/clientb
/drupal-5.x <-- contains old code base for Drupal 5 site that's been migrated I shoudld probably have my drush/bash script ignore these sections....
/drupal-6.x <-- contains code base for current Drupal 6 site
/sites
/clientb.com <-- contains settings.php for Client B
/clientc
/drupal-6.x
/sites
/default <-- contains settings.php for clientc.com
/sub1.clientc.com <-- contains settings.php for sub1.clientc.com
/sub2.clientc.com <-- contains settings.php for sub2.clientc.com
/sub3.clientc.com <-- contains settings.php for sub3.clientc.com
/client_sites
/drupal-5.x
/sites
/clientd.com <-- contains settings.php for clientd.com
/cliente.com <-- contains settings.php for cliente.com
/clientf.com <-- contains settings.php for clientf.com
...等等...您明白了。迁移到艾吉尔是有序的,但需要一段时间才能清理干净。
I have a server that runs quite a few Drupal sites. Some of these are older and running Drupal 5, while some are newer and running Drupal 6. We're also beginning to implement Drupal 7.
Our organization uses one standard Website Administration password that we distribute internally only to our employees for maintenance of these websites. This may or may not be the best security practice, but it is how we do things at this time. Please assume that this won't change.
The problem we have is that when we have employee turnover, we must change this password and apply the change to every site we run in order to make sure that the employee cannot deface any of our clients' sites. This is more critical for firings, but we also do it for resignations as a best practice.
In the past, I ran a basic PHP script that used mysql_list_dbs on our Database server to iterate through every database and change the pass field of the users table where the name = admin. BasicallY:
while ($row = mysql_fetch_object(mysql_list_dbs($sql_connection))) {
mysql_query("UPDATE users SET pass=MD5('$newpassword') WHERE name='admin'", $row->Database);
}
This worked perfectly fine but it has two problems:
- It's hacky and I hate hacky stuff. I'd rather do things that make use of the "official way" of doing things
- Drupal 7 uses a different hashing system than D5 and D6 did, so this won't work for Drupal 7 sites. Now I have to check first that the existing value of pass matches the hash of the old password before updating so that I don't accidentally break a Drupal 7 site. In the meantime, I haven't yet figured out how to implement this for Drupal 7 sites.
So I'm looking for an alternative solution. I really think that I need to use a bash script that either iterates through Virtual Hosts from httpd.conf or uses find or something and one way or another, cd's into every site install directory inside very installation platform's "sites" folder (we have a pretty messy setup*) and runs drush upwd admin --password=$newpassword
This would be completely platform independent and would allow Drupal to define what happens when the password is changed.
I realize that Aegir may actually be a good solution for this, but we're not ready to implement Aegir quite yet, and I'm looking for more of a quick and dirty intermediate solution. I appreciate any input you might have.
*Just a sample of our messy setup:
/www
/cliena
/drupal-5.x
/sites
/clienta.com <-- contains settings.php for Client A
/clientb
/drupal-5.x <-- contains old code base for Drupal 5 site that's been migrated I shoudld probably have my drush/bash script ignore these sections....
/drupal-6.x <-- contains code base for current Drupal 6 site
/sites
/clientb.com <-- contains settings.php for Client B
/clientc
/drupal-6.x
/sites
/default <-- contains settings.php for clientc.com
/sub1.clientc.com <-- contains settings.php for sub1.clientc.com
/sub2.clientc.com <-- contains settings.php for sub2.clientc.com
/sub3.clientc.com <-- contains settings.php for sub3.clientc.com
/client_sites
/drupal-5.x
/sites
/clientd.com <-- contains settings.php for clientd.com
/cliente.com <-- contains settings.php for cliente.com
/clientf.com <-- contains settings.php for clientf.com
... and so forth... you get the picture. a Migration to Aegir is in order, but it'll take a while to clean this up.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以改进并继续编写以下脚本...
[] 的
Felipe
you could improve and continue writing this script bellow...
[]'s
Felipe
Felipe的脚本看起来不错,我采用了它,来处理多站点安装和drush。在我的设置中,它找到了我安装中的每个站点。请先尝试使用不那么具有破坏性的 drush 命令:
The script of Felipe looks good, i adopted it, to deal with the multi-site-installations and drush. In my setup it found every site in my installation. Please try it with a not-so-destructive drush command first:
Felipe 和 Nebel54 都给了我很好的开始。我最终大部分工作都是在 Nebel 的基础上进行的,但仍然需要进行一些修改。我发现你的脚本有两个问题,Nebel。
1)看来“PATH”是一个保留字。当我尝试将它用作变量时,它无法正常工作。所以我将其更改为“DPATH”。
2)似乎将 -r 参数传递给 drush 还不够。当我使用它时,它告诉我需要更高的引导级别来运行我的命令。因此,在执行 drush 命令之前,我必须将 CD 写入 $DPATH。
为了进行测试,我首先执行了 sql-connect 命令,因为它仅输出 sql 连接字符串以供检查,并且不进行任何更改。我现在要运行密码更新。这是我的最终脚本:
Felipe and Nebel54 both gave me great starts. I ended up working mostly off of Nebel's, but still had to make some modifications. I found two problems with your script, Nebel.
1) It seems that "PATH" is a reserved word. When I tried to use it as a variable, it didn't work right. So I changed it to "DPATH".
2) It seems that passing the -r parameter to drush isn't sufficient. When I used that, it told me that I needed a higher bootstrap level to run my command. So I had to do a CD to the $DPATH before executing my drush command.
For testing I executed the sql-connect command first because that just outputs the sql connection string for review and doesn't make any changes. I'm about to run the password update now. Here's my final script: