User Privileges being set to 'N'

Noonan, David (SCH) Thu, 06 Dec 2001 04:19:38 -0800

Hello,
        At seemingly random intervals all of the privileges for every user
in the mysql.user table get set to 'N'.  I found the statements below in the
binlog.  Is there a way to find out who/what ran these?


        Answers to some security questions:  There are only three users in
MySQL.  Root and noonand have access to everything, netweb has SELECT,
INSERT, UPDATE, DELETE on selected databases, not including mysql.  All of
them have good (8 char alphanum) passwords.  The box is a dept web server
inside corporate firewalls.

        I notice that the REVOKEs only removed privileges that had been
granted.  For instance File_priv wasn't revoked for netweb as that user
never had the privilege.  I'd think if this were a person they'd have done
REVOKE ALL PRIVILEGES ON *.* FROM ... and not gone through individual
tables, etc.  There aren't any jobs that run at 0146.  The only one close is
the 0100 update of htDig but that doesn't use MySQL.

        That's all I can think to pass on at the moment.  If anyone can give
me a clue I'd appreciate it.

Thanks,
Dave Noonan

=======================
REVOKE SELECT, INSERT, UPDATE, DELETE ON `agora`.* FROM 'netweb'@'%';
# at 197583
#011204  1:46:36 server id  1   Query   thread_id=10969 exec_time=0
error_code=0
SET TIMESTAMP=1007448396;
REVOKE SELECT, INSERT, UPDATE, DELETE ON `owl`.* FROM 'netweb'@'%';
# at 197679
#011204  1:46:36 server id  1   Query   thread_id=10970 exec_time=0
error_code=0
SET TIMESTAMP=1007448396;
REVOKE SELECT, INSERT, UPDATE, DELETE ON `phpBB`.* FROM 'netweb'@'%';
# at 197777
#011204  1:46:37 server id  1   Query   thread_id=10971 exec_time=0
error_code=0
SET TIMESTAMP=1007448397;
REVOKE SELECT, INSERT, UPDATE, DELETE ON `tccweb`.* FROM 'netweb'@'%';
# at 197876
#011204  1:46:37 server id  1   Query   thread_id=10972 exec_time=0
error_code=0
SET TIMESTAMP=1007448397;
REVOKE ALL PRIVILEGES ON *.* FROM 'noonand'@'%';
# at 197953
#011204  1:46:38 server id  1   Query   thread_id=10973 exec_time=0
error_code=0
SET TIMESTAMP=1007448398;
REVOKE GRANT OPTION ON *.* FROM 'noonand'@'%';
# at 198028
#011204  1:46:38 server id  1   Query   thread_id=10974 exec_time=0
error_code=0
SET TIMESTAMP=1007448398;
REVOKE ALL PRIVILEGES ON *.* FROM 'root'@'%';
# at 198102
#011204  1:46:38 server id  1   Query   thread_id=10975 exec_time=0
error_code=0
SET TIMESTAMP=1007448398;
REVOKE GRANT OPTION ON *.* FROM 'root'@'%';
# at 198174
#011204  1:46:39 server id  1   Query   thread_id=10976 exec_time=0
error_code=0
SET TIMESTAMP=1007448399;
REVOKE ALL PRIVILEGES ON *.* FROM 'root'@'localhost';
# at 198256
#011204  1:46:39 server id  1   Query   thread_id=10977 exec_time=0
error_code=0
SET TIMESTAMP=1007448399;
REVOKE GRANT OPTION ON *.* FROM 'root'@'localhost';
# at 198336
=======================


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

User Privileges being set to 'N'

Reply via email to