2 May
2025
2 May
'25
2:50 p.m.
I am enquiring as to the *minimum* privileges required by the RoundCube user to access the backend SQL (MariaDB) Server. I am going to assume - and please correct me if I am wrong - that the *required* privileges are:
- DELETE, INSERT, SELECT, and UPDATE
Yes you are right. I am using socket auth instead of having a SQL password. This way there is no password to leak in config files. And it successfully runs with only the 4 permissions.
CREATE USER apache@localhost IDENTIFIED VIA unix_socket; GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO apache@localhost;