OK, I spoke a little too soon. Users can no longer list all
databases, which is great. Unfortunately, they also can't list their
own, resulting in errors when they log into phpMyAdmin:
SQL-query: SHOW DATABASES ;
MySQL said: #1045 - Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)
mysql> SHOW GRANTS FOR 'username'@'%';
+-----------------------------------------------------------------------
---+
| Grants for username@
% |
+-----------------------------------------------------------------------
---+
| GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD
'blablabla' |
| GRANT ALL PRIVILEGES ON `username`.* TO
'username'@'%' |
+-----------------------------------------------------------------------
---+
OK, the documentation says:
If the server was started with the --skip-show-database option, you
cannot use this statement at all unless you have the SHOW DATABASES
privilege.
From what I can tell, however, I can't grant the SHOW DATABASES
privilege to a user for his own databases in 3.x.
Is there any way in 3.x to allow a user to list ONLY his own
databases? The ultimate problem is this: we have a number of users
with Lasso code that is getting confused when it can see the full
list (plus, we'd just rather people not be able to do that). So we
needed to disable show databases to get Lasso working properly.
Unfortunately, we also need phpMyAdmin to work properly, and it seems
to have problems if this feature is disabled.
Thanks,
-Bill
On Dec 19, 2005, at 7:34 AM, William R. Dickson wrote:
This did the trick. Many thanks. I had found that option, but
misinterpreted what I read; I thought it was only available in 4.x.
Thanks again!
-Bill
On Dec 14, 2005, at 6:59 PM, Michael Stassen wrote:
William R. Dickson wrote:
OK, I strongly suspect I've just done something stupid here, but
I'm having trouble figuring it out. I had a disk go bad on a
MySQL server this past weekend. I did a clean system install
(FreeBSD 5.4) on a new disk, installed the MySQL 3.23 port, and
restored the mysql data directory from backup. Everything is
working fine...except now, every user is able to get a list of
every database on the system. They can't actually use the
databases, but I'd rather they couldn't get the list, either.
Following some suggestions I found in the list archives, I did a
SHOW GRANTS and found the following (database names match
usernames):
GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD
'blablabla'
GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'
I suspect that the problem lies with every user having "USAGE'
privileges on every database (although entering "use
otherusername;" returns an error indicating the user has no
permissions to read the database). However, I can't seem to
revoke this privileges. I can't even find the privilege in any
of the tables.
Can someone point my addled brain in the right direction here?
Thanks!
-Bill
I know it is counter-intuitive, but "USAGE" means no privileges.
In 3.23, seeing all databases is the default behavior, turned off
by starting mysqld with the --skip-show-database option. This
changed to the behavior you are expecting in 4.0.2.
See the manual for more <http://dev.mysql.com/doc/refman/4.1/en/
show-databases.html>.
Michael
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
