Should I care that USAGE still shows up after all rights have been
revoked? It feels like a potential security hole...
-- working around the system to ensure a clean environment
-- I feel like I shouldn't have to do this, but I want to start with a clean slate
-- Clean-up: remove every 'jdoe' row from the grant tables. The filter is on
-- the user name only, so 'jdoe' accounts on all hosts are removed, not just
-- 'jdoe'@'192.168.%'.
DELETE FROM mysql.user WHERE user = 'jdoe';
DELETE FROM mysql.columns_priv WHERE user = 'jdoe';
DELETE FROM mysql.tables_priv WHERE user = 'jdoe';
DELETE FROM mysql.db WHERE user = 'jdoe';
-- Direct edits to the grant tables take effect only after the server
-- reloads them.
FLUSH PRIVILEGES;
-- Verify the account is gone: with its mysql.user row deleted, SHOW GRANTS
-- fails with ERROR 1141 instead of listing USAGE.
SHOW GRANTS FOR 'jdoe'@'192.168.%';
/*
[localhost -- root] ERROR 1141: There is no such grant defined for
user 'jdoe' on host '192.168.%'
*/
-- simulating new user
-- No 'jdoe' account exists at this point (see the ERROR 1141 above), so the
-- first GRANT also creates the account and sets its password.
GRANT SELECT ON test.* TO 'jdoe'@'192.168.%' IDENTIFIED BY 'still-got-usage';
GRANT INSERT ON test.* TO 'jdoe'@'192.168.%';
GRANT UPDATE ON test.* TO 'jdoe'@'192.168.%';
-- FLUSH PRIVILEGES is needed only after direct changes to the grant tables;
-- GRANT and REVOKE take effect without it, so this call is harmless but
-- redundant.
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
-- Reading the output below:
--   * The USAGE ON *.* line is the account itself: no global privileges,
--     plus the stored password hash.
--   * The second line lists the database-level privileges on test.*.
-- NOTE(review): UPDATE was granted above but is missing from the pasted
-- listing; the output may have been captured before the third GRANT - confirm.
-- NOTE(review): the 16-hex-digit hash looks like the short pre-4.1 password
-- format, which is weak against offline guessing - confirm the server version
-- and treat SHOW GRANTS output as sensitive when sharing it.
/*
+------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED]
|
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD
'4a8930bb6abf3967' |
| GRANT SELECT, INSERT ON `test`.* TO 'jdoe'@'192.168.%'
|
+------------------------------------------------------------------------------------+
*/
-- simulating user's departure from organization
-- These statements remove only the database-level privileges on test.*.
-- They do not touch the account row or its password.
REVOKE SELECT ON test.* FROM 'jdoe'@'192.168.%';
REVOKE INSERT ON test.* FROM 'jdoe'@'192.168.%';
REVOKE UPDATE ON test.* FROM 'jdoe'@'192.168.%';
-- Redundant after REVOKE (needed only after direct grant-table edits).
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
-- Only the USAGE line is left. USAGE means "no privileges": the account still
-- exists with its password hash, so a client holding the password can still
-- log in from a matching host, even though it has no rights on any database.
-- For a departed user that remaining login is the thing to remove.
/*
+------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED]
|
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD
'4a8930bb6abf3967' |
+------------------------------------------------------------------------------------+
*/
-- try it again, sam
-- USAGE stands for "no privileges", so REVOKE has nothing to take away here;
-- the statement is accepted but the SHOW GRANTS output below is unchanged.
REVOKE USAGE ON *.* FROM 'jdoe'@'192.168.%';
-- Redundant after REVOKE (needed only after direct grant-table edits).
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
-- The account row and password hash are still present. REVOKE manages
-- privileges, not accounts. To remove the login itself, delete the account:
--   * DROP USER 'jdoe'@'192.168.%' on servers that provide it
--     (NOTE(review): older releases may require all privileges to be revoked
--     first - confirm for the version in use), or
--   * delete the mysql.user row for this user AND host, then FLUSH PRIVILEGES,
--     as the clean-up at the top of this script does for all hosts.
-- After either, SHOW GRANTS should fail with ERROR 1141 as in the first step.
/*
+------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED]
|
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD
'4a8930bb6abf3967' |
+------------------------------------------------------------------------------------+
*/