Re: how to give a `root` mysql DB to each user ...
Thanks Victoria, but will not this be very very insecure ? I mean, by granting access to mysql DB, user could drop it, or grab a passwd from another user in there. Am I missing something ? Frederic Trudeau [A]dvanced [S]upport [A]gent Colocation/Customer Support Agent CAM Internet - http://www.cam.org My God ! It's full of stars On Wed, 30 Jan 2002, Victoria Reznichenko wrote: Frederic, Wednesday, January 30, 2002, 4:42:50 AM, you wrote: FT I`ll make myself more clear here ! FT I work for a small ISP, we give a MySQL DB access to each of our corpo FT users, if they request it. We just build new more performant machines, and FT instead of giving them only a Database, in which they can create as many FT tables as they want, we want to give them some sort `root` DB access, in FT which they can create as many DB as they want, and so forth. FT In a more graphical type of way to explain things, here is the structure FT of the mysql data we have ... FT in /var/lib/mysql ; FT [root@kalx mysql]# l FT total 32 FT drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 . FT drwxr-xr-x 13 root root 4096 Jan 17 09:13 .. FT drwx--2 mysqlmysql4096 Jan 29 16:43 mysql FT drwx--2 mysqlmysql4096 Jan 29 12:55 test FT drwx--2 mysqlmysql4096 Jan 29 16:59 user1 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user2 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user3 FT Now, each 'user*' is a DB, which is named after him, that can be accessed FT only by this particular user. In a sense, they are 'locked' in their own FT DB, and can create as many tables as they what, but they have to FT contact us to create yet another DB, for which we have to create another FT username + password ... We wish to grant them the priviledge of creating FT as much DB as they want. You can create user by using GRANT, something like this: GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION; or GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION; Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html FT There, I think I made myself clear enough =) FT Thanks for any help... -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: how to give a `root` mysql DB to each user ...
Frederic, Wednesday, January 30, 2002, 4:56:11 PM, you wrote: FT Thanks Victoria, but will not this be very very insecure ? FT I mean, by granting access to mysql DB, user could drop it, FT or grab a passwd from another user in there. Am I missing FT something ? If you create user with privileges on all databases (*.*), you get access not only to user's databases but also to mysql db. It's impossible to create user with all privileges but exclude something you want. You set privileges on global level and statement like the following works using table user mysql db: GRANT ALL ON *.* TO ''@localhost If you want to take off grants from user on mysql.*, it will work on database level with table db mysql db: REVOKE UPDATE ON mysql.* FROM ''@localhost FT Frederic Trudeau FT My God ! It's full of stars FT On Wed, 30 Jan 2002, Victoria Reznichenko wrote: Frederic, Wednesday, January 30, 2002, 4:42:50 AM, you wrote: FT I`ll make myself more clear here ! FT I work for a small ISP, we give a MySQL DB access to each of our corpo FT users, if they request it. We just build new more performant machines, and FT instead of giving them only a Database, in which they can create as many FT tables as they want, we want to give them some sort `root` DB access, in FT which they can create as many DB as they want, and so forth. [skip] FT Now, each 'user*' is a DB, which is named after him, that can be accessed FT only by this particular user. In a sense, they are 'locked' in their own FT DB, and can create as many tables as they what, but they have to FT contact us to create yet another DB, for which we have to create another FT username + password ... We wish to grant them the priviledge of creating FT as much DB as they want. You can create user by using GRANT, something like this: GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION; or GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION; Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
