Versions Compared

Old Version 7

changes.mady.by.user Jim Blake

Saved on

compared with

New Version 8

changes.mady.by.user Mike Conlon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Delete the old root account,
    or
  • Set a fresh password on the old root account and delete the new root account.

VIVO releases from 1.3 to 1.5.2

These releases of VIVO include a "back door" to permit this operation. A developer can add a special file to the VIVO code, which will enable a special URL that will give access.

In more detail:

  • Create a file called friend.xml, containing a line like this: <date value="2013-02-18"/>, and put it in the [tomcat]/webapps/<vivocontext>/WEB-INF/classes directory. The date in the file must not be more than 1 week old. If you need to use this mechanism for more than 1 week, you will need to update the file. For example:

    Code Block
    cd /usr/local/tomcat/webapps/vivo/WEB-INF/classes
echo '<date value="2013-02-18"/>' > friend.xml
  • Go to http://localhost:8080/vivo/admin/friend (or whatever is correct for your host and port number and context path), and you are immediately logged in as root.
  • Go to the Site Admin page, User Accounts, and either change the password on the root account or create a new admin account for your use.

This back door will offer no diagnostics if it is attempted incorrectly. The /admin/friend URL will return a simple 404 status

  • if friend.xml does not exist
  • if friend.xml is in the wrong directory
  • if friend.xml is not in the correct format
  • if friend.xml contains a stale date

VIVO releases prior to 1.3

Older VIVO instances did not have a "root" account, per se. Instead, they had "default_admin" accounts.

It is possible to set a new password on the default_admin account using the command line interface to MySQL.

  • Find out the name of the default_admin account (in this example, the name is admin):

    Code Block
    mysql> select obj from jena_g3t1_stmt 
    ->    where subj = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/default#defaultAdminUser:' 
    ->      and prop = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/0.7#username:';
+-------------------------------------------------------+
| Obj                                                   |
+-------------------------------------------------------+
| Lv:0:39:http://www.w3.org/2001/XMLSchema#stringadmin: | 
+-------------------------------------------------------+
1 row in set (0.00 sec)

  • Set the password to rootPassword

    Code Block
    mysql> update jena_g3t1_stmt
    ->    set obj = 'Lv:0:39:http://www.w3.org/2001/XMLSchema#string4BBA69E66998C59F03530EE02C406CB0:'
    ->    where subj = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/default#defaultAdminUser:' 
    ->      and prop = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/0.7#md5password:';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0

  • Log in with the name that you found in the first step, and the password of rootPassword.