Re[2]: how to give a `root` mysql DB to each user ...

2002-02-01 Thread Victoria Reznichenko 

Hello Carl,

Friday, February 01, 2002, 12:17:07 AM, you wrote:

CM Victoria,

CM I'm pretty new and this and have a similar need so I played with the steps
CM you posted.  However, the revoke command did not work.  I received the error
CM ERROR 1141: There is not such grant defined for user 'userid' on host '%'.

As I have told, you can't set all privileges excluding one. 
Currently it's not supported.

If you set global privileges, MySQL adds rows only to table
user in mysql database. If you revoke grants from user on some
databases (as mysql db), you change the db table in mysql database
instead of table user, but there are no records in table db which can determine 
grants for your root user :(


CM Any thoughts?

CM If you create user with privileges on all databases (*.*), you get access
CM not only to user's databases but also to mysql db. It's impossible to create
CM user with all privileges but exclude something you want.

CM You set privileges on global level and statement like the following works
CM using table user mysql db:
CM GRANT ALL ON *.* TO ''@localhost


CM If you want to take off grants from user on mysql.*, it will work on
CM database level with table db mysql db:
CMREVOKE UPDATE ON mysql.* FROM ''@localhost




-- 
For technical support contracts, goto https://order.mysql.com/
This email is sponsored by Ensita.net http://www.ensita.net/
   __  ___ ___   __
  /  |/  /_ __/ __/ __ \/ /Victoria Reznichenko
 / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.net
   ___/   www.mysql.com




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

how to give a `root` mysql DB to each user ...

2002-01-30 Thread Victoria Reznichenko 

Frederic,

Wednesday, January 30, 2002, 4:42:50 AM, you wrote:

FT I`ll make myself more clear here !

FT I work for a small ISP, we give a MySQL DB access to each of our corpo
FT users, if they request it. We just build new more performant machines, and
FT instead of giving them only a Database, in which they can create as many
FT tables as they want, we want to give them some sort `root` DB access, in
FT which they can create as many DB as they want, and so forth.

FT In a more graphical type of way to explain things, here is the structure
FT of the mysql data we have ...

FT in /var/lib/mysql ;

FT [root@kalx mysql]# l
FT total 32
FT drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 .
FT drwxr-xr-x   13 root root 4096 Jan 17 09:13 ..
FT drwx--2 mysqlmysql4096 Jan 29 16:43 mysql
FT drwx--2 mysqlmysql4096 Jan 29 12:55 test
FT drwx--2 mysqlmysql4096 Jan 29 16:59 user1
FT drwx--2 mysqlmysql4096 Jan 29 16:59 user2
FT drwx--2 mysqlmysql4096 Jan 29 16:59 user3

FT Now, each 'user*' is a DB, which is named after him, that can be accessed
FT only by this particular user. In a sense, they are 'locked' in their own
FT DB, and can create as many tables as they what, but they have to
FT contact us to create yet another DB, for which we have to create another
FT username + password ... We wish to grant them the priviledge of creating
FT as much DB as they want.

You can create user by using GRANT, something like this:
GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION;
or
GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION;

Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html

FT There, I think I made myself clear enough =)
FT Thanks for any help...





-- 
For technical support contracts, goto https://order.mysql.com/
This email is sponsored by Ensita.net http://www.ensita.net/
   __  ___ ___   __
  /  |/  /_ __/ __/ __ \/ /Victoria Reznichenko
 / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.net
   ___/   www.mysql.com




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: how to give a `root` mysql DB to each user ...

2002-01-30 Thread Frederic Trudeau 



Thanks Victoria, but will not this be very very insecure ? I mean, by
granting access to mysql DB, user could drop it, or grab a passwd from
another user in there. Am I missing something ?


Frederic Trudeau


[A]dvanced [S]upport [A]gent
Colocation/Customer Support Agent
CAM Internet - http://www.cam.org

My God ! It's full of stars

On Wed, 30 Jan 2002, Victoria Reznichenko wrote:

 Frederic,

 Wednesday, January 30, 2002, 4:42:50 AM, you wrote:

 FT I`ll make myself more clear here !

 FT I work for a small ISP, we give a MySQL DB access to each of our corpo
 FT users, if they request it. We just build new more performant machines, and
 FT instead of giving them only a Database, in which they can create as many
 FT tables as they want, we want to give them some sort `root` DB access, in
 FT which they can create as many DB as they want, and so forth.

 FT In a more graphical type of way to explain things, here is the structure
 FT of the mysql data we have ...

 FT in /var/lib/mysql ;

 FT [root@kalx mysql]# l
 FT total 32
 FT drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 .
 FT drwxr-xr-x   13 root root 4096 Jan 17 09:13 ..
 FT drwx--2 mysqlmysql4096 Jan 29 16:43 mysql
 FT drwx--2 mysqlmysql4096 Jan 29 12:55 test
 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user1
 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user2
 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user3

 FT Now, each 'user*' is a DB, which is named after him, that can be accessed
 FT only by this particular user. In a sense, they are 'locked' in their own
 FT DB, and can create as many tables as they what, but they have to
 FT contact us to create yet another DB, for which we have to create another
 FT username + password ... We wish to grant them the priviledge of creating
 FT as much DB as they want.

 You can create user by using GRANT, something like this:
 GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION;
 or
 GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION;

 Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html

 FT There, I think I made myself clear enough =)
 FT Thanks for any help...





 --
 For technical support contracts, goto https://order.mysql.com/
 This email is sponsored by Ensita.net http://www.ensita.net/
__  ___ ___   __
   /  |/  /_ __/ __/ __ \/ /Victoria Reznichenko
  / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
 /_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.net
___/   www.mysql.com




 -
 Before posting, please check:
http://www.mysql.com/manual.php   (the manual)
http://lists.mysql.com/   (the list archive)

 To request this thread, e-mail [EMAIL PROTECTED]
 To unsubscribe, e-mail [EMAIL PROTECTED]
 Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: how to give a `root` mysql DB to each user ...

2002-01-30 Thread Victoria Reznichenko 

Frederic,

Wednesday, January 30, 2002, 4:56:11 PM, you wrote:


FT Thanks Victoria, but will not this be very very insecure ? FT I mean, by granting 
access to mysql DB, user could drop it, 
FT or grab a passwd from another user in there. Am I missing 
FT something ?

If you create user with privileges on all databases (*.*), you get access not only to 
user's databases but also to mysql db. It's impossible to create user with all 
privileges but exclude something you want.

You set privileges on global level and statement like the following works using table 
user mysql db:
GRANT ALL ON *.* TO ''@localhost


If you want to take off grants from user on mysql.*, it will work on database level 
with table db mysql db:
   REVOKE UPDATE ON mysql.* FROM ''@localhost



FT Frederic Trudeau


FT My God ! It's full of stars

FT On Wed, 30 Jan 2002, Victoria Reznichenko wrote:

 Frederic,

 Wednesday, January 30, 2002, 4:42:50 AM, you wrote:

 FT I`ll make myself more clear here !

 FT I work for a small ISP, we give a MySQL DB access to each of our corpo
 FT users, if they request it. We just build new more performant machines, and
 FT instead of giving them only a Database, in which they can create as many
 FT tables as they want, we want to give them some sort `root` DB access, in
 FT which they can create as many DB as they want, and so forth.

[skip]

 FT Now, each 'user*' is a DB, which is named after him, that can be accessed
 FT only by this particular user. In a sense, they are 'locked' in their own
 FT DB, and can create as many tables as they what, but they have to
 FT contact us to create yet another DB, for which we have to create another
 FT username + password ... We wish to grant them the priviledge of creating
 FT as much DB as they want.

You can create user by using GRANT, something like this:
GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION;
or
GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION;
Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html





-- 
For technical support contracts, goto https://order.mysql.com/
This email is sponsored by Ensita.net http://www.ensita.net/
   __  ___ ___   __
  /  |/  /_ __/ __/ __ \/ /Victoria Reznichenko
 / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.net
   ___/   www.mysql.com




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

how to give a `root` mysql DB to each user ...

2002-01-29 Thread Frederic Trudeau 



I`ll make myself more clear here !

I work for a small ISP, we give a MySQL DB access to each of our corpo
users, if they request it. We just build new more performant machines, and
instead of giving them only a Database, in which they can create as many
tables as they want, we want to give them some sort `root` DB access, in
which they can create as many DB as they want, and so forth.

In a more graphical type of way to explain things, here is the structure
of the mysql data we have ...

in /var/lib/mysql ;

[root@kalx mysql]# l
total 32
drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 .
drwxr-xr-x   13 root root 4096 Jan 17 09:13 ..
drwx--2 mysqlmysql4096 Jan 29 16:43 mysql
drwx--2 mysqlmysql4096 Jan 29 12:55 test
drwx--2 mysqlmysql4096 Jan 29 16:59 user1
drwx--2 mysqlmysql4096 Jan 29 16:59 user2
drwx--2 mysqlmysql4096 Jan 29 16:59 user3

Now, each 'user*' is a DB, which is named after him, that can be accessed
only by this particular user. In a sense, they are 'locked' in their own
DB, and can create as many tables as they what, but they have to
contact us to create yet another DB, for which we have to create another
username + password ... We wish to grant them the priviledge of creating
as much DB as they want.

There, I think I made myself clear enough =)
Thanks for any help...


-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php