Mark wrote:

Mark wrote:

Indeed, I thought --safe-show-database was default now? Running MySQL

It is. Users can only see dbs to which they have access.

4.0.21, I noticed, to my dismay, that phpMyAdmin still shows the
databases the user has no access to! I have a user, call it testuser,
who has the following global privileges:

That word "global" is the key.

CREATE TEMPORARY TABLES, LOCK TABLES

And only ALL privileges on its own database. phpMyAdmin is not
actually allowing access to other databases with this user, but it
does LIST them, which I do not like either. How can I revert things
back to the way they were, namely with not showing any database the
user has no access to?

You may find that testuser can lock tables and create temporary tables in those other dbs!


(N.B. Perhaps the CREATE TEMPORARY TABLES has something to do with
it? I think it came with an upgrade script once, for 3.32 to 4.0.x).

At any rate, any help would be appreciated,

An update; I did the following:

mysql> show grants for 'testuser'@'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED] |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD 'yeahright' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER ON `testdb`.* TO 'testuser'@'localhost' |
+----------------------------------------------------------------------------------------------------------------------+

The answer is right there. You granted testuser the LOCK TABLES and CREATE TEMPORARY TABLES privileges on all dbs (*.*). Hence testuser has the right to see all dbs listed. Try


  REVOKE CREATE TEMPORARY TABLES, LOCK TABLES ON *.*
  FROM 'testuser'@'localhost';

  GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON testdb.*
  TO 'testuser'@'localhost';

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

[logged in as testuser]

mysql> show databases;
+------------+
| Database   |
+------------+
| db1        |
| db2        |
| db3        |
| testdb     |
| db4        |
| db5        |
+------------+
7 rows in set (0.00 sec)

That is NOT supposed to happen!

- Mark

See the manual <http://dev.mysql.com/doc/mysql/en/Privilege_system.html> for more.


Michael

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
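
An added example, not part of the original thread: a small Python helper that reads SHOW GRANTS rows like the ones quoted above, finds privileges granted ON *.*, and builds the REVOKE/GRANT pair that rescopes them to a single database. The function names and the sample rows are constructed for illustration, and the parser assumes plain privilege lists (no column lists, no WITH GRANT OPTION handling).

```python
import re

# Matches one row of SHOW GRANTS output, e.g.
#   GRANT SELECT, INSERT ON `testdb`.* TO 'testuser'@'localhost'
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>'[^']*'@'[^']*')", re.IGNORECASE)

def parse_grants(rows):
    """Return (privileges, scope, account) for each GRANT row."""
    out = []
    for row in rows:
        # Drop the table borders that the mysql client prints around each row.
        m = GRANT_RE.search(row.strip(" |"))
        if m:
            privs = [p.strip().upper() for p in m.group("privs").split(",")]
            out.append((privs, m.group("scope"), m.group("account")))
    return out

def rescope_global_grants(rows, target_db):
    """Build REVOKE/GRANT statements that move *.* privileges to target_db.

    USAGE is skipped: it means "no privileges" and is always shown ON *.*.
    """
    stmts = []
    for privs, scope, account in parse_grants(rows):
        real = [p for p in privs if p != "USAGE"]
        if scope == "*.*" and real:
            plist = ", ".join(real)
            stmts.append(f"REVOKE {plist} ON *.* FROM {account};")
            stmts.append(f"GRANT {plist} ON `{target_db}`.* TO {account};")
    return stmts

# Constructed sample input, modelled on the SHOW GRANTS rows in the thread.
SAMPLE_ROWS = [
    "| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 'testuser'@'localhost' IDENTIFIED BY PASSWORD 'yeahright' |",
    "| GRANT SELECT, INSERT, UPDATE, DELETE ON `testdb`.* TO 'testuser'@'localhost' |",
]

if __name__ == "__main__":
    for stmt in rescope_global_grants(SAMPLE_ROWS, "testdb"):
        print(stmt)
```

Review the generated statements before running them as an administrative user; the database-level row is left untouched because it is already scoped.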


