Re: Safe Database Problem
Oh Jeeze- why didn't I think of removing this. When I upgraded the default is to have these two as 'Y', however, for some reason, that means that show databases shows all databases despite no permissions. That doesn't seem logical on one hand (if they don't have permissions to the database nor its tables, how could they create/lock on its tables), but on the other (they need to be able to see the databases to do a tmp table and a lock). In any case, problem fixed. I'm going to add a note to the docs to save people my troubles. Create_tmp_table_priv: Y Lock_tables_priv: Y Cheers; -M From: Victoria Reznichenko <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Safe Database Problem Date: Fri, 13 Feb 2004 13:38:50 +0200 "Mike Miller" <[EMAIL PROTECTED]> wrote: > Hi, > > I believe I've done everything from the book and have been fighting with > the same problem for about 6 hours thus far. > > I just upgraded from MySQL 3.23.56 to 4.0.17. In the old system, I > prevented show databases from ordinary users using skip-show-databases. In > order to upgrade I used the same data directory and ran the fix_privs script > as instructed to all all of the required fields to the mysql.* tables as it > did. ALl of this is successful and I can see it all there when I browse > these tables. I did a flush privs, reloaded the whole daemon a few times to > no avail. > All users besides root have been revoked (actually they never had) show > databases permission, yet all users are still able to execute show databses > and receive a list of hundreds of databases. > SHOW VARIABLES keeps telling me that skip show database is OFF, yet I > can't seem to change it with any combo of startup parameters or set commands > due to it being a 'depreciated variable' in all the docs. > I don't see what I'm missing. Is there a trick with the new versions > which I'm not getting? > Check privileges of those users. If they have such global privileges (on all databases) as SELECT, UPDATE etc. or CREATE TEMPORARY TABLES, LOCK TABLES, they also can see databases in the output of SHOW DATABASES. -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net <___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Safe Database Problem
"Mike Miller" <[EMAIL PROTECTED]> wrote: > Hi, > > I believe I've done everything from the book and have been fighting with > the same problem for about 6 hours thus far. > > I just upgraded from MySQL 3.23.56 to 4.0.17. In the old system, I > prevented show databases from ordinary users using skip-show-databases. In > order to upgrade I used the same data directory and ran the fix_privs script > as instructed to all all of the required fields to the mysql.* tables as it > did. ALl of this is successful and I can see it all there when I browse > these tables. I did a flush privs, reloaded the whole daemon a few times to > no avail. > All users besides root have been revoked (actually they never had) show > databases permission, yet all users are still able to execute show databses > and receive a list of hundreds of databases. > SHOW VARIABLES keeps telling me that skip show database is OFF, yet I > can't seem to change it with any combo of startup parameters or set commands > due to it being a 'depreciated variable' in all the docs. > I don't see what I'm missing. Is there a trick with the new versions > which I'm not getting? > Check privileges of those users. If they have such global privileges (on all databases) as SELECT, UPDATE etc. or CREATE TEMPORARY TABLES, LOCK TABLES, they also can see databases in the output of SHOW DATABASES. -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net <___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Safe Database Problem
Hi, I believe I've done everything from the book and have been fighting with the same problem for about 6 hours thus far. I just upgraded from MySQL 3.23.56 to 4.0.17. In the old system, I prevented show databases from ordinary users using skip-show-databases. In order to upgrade I used the same data directory and ran the fix_privs script as instructed to all all of the required fields to the mysql.* tables as it did. ALl of this is successful and I can see it all there when I browse these tables. I did a flush privs, reloaded the whole daemon a few times to no avail. All users besides root have been revoked (actually they never had) show databases permission, yet all users are still able to execute show databses and receive a list of hundreds of databases. SHOW VARIABLES keeps telling me that skip show database is OFF, yet I can't seem to change it with any combo of startup parameters or set commands due to it being a 'depreciated variable' in all the docs. I don't see what I'm missing. Is there a trick with the new versions which I'm not getting? Thanks in advance, -M _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
