Re[2]: how to give a `root` mysql DB to each user ...
Hello Carl, Friday, February 01, 2002, 12:17:07 AM, you wrote: CM Victoria, CM I'm pretty new and this and have a similar need so I played with the steps CM you posted. However, the revoke command did not work. I received the error CM ERROR 1141: There is not such grant defined for user 'userid' on host '%'. As I have told, you can't set all privileges excluding one. Currently it's not supported. If you set global privileges, MySQL adds rows only to table user in mysql database. If you revoke grants from user on some databases (as mysql db), you change the db table in mysql database instead of table user, but there are no records in table db which can determine grants for your root user :( CM Any thoughts? CM If you create user with privileges on all databases (*.*), you get access CM not only to user's databases but also to mysql db. It's impossible to create CM user with all privileges but exclude something you want. CM You set privileges on global level and statement like the following works CM using table user mysql db: CM GRANT ALL ON *.* TO ''@localhost CM If you want to take off grants from user on mysql.*, it will work on CM database level with table db mysql db: CMREVOKE UPDATE ON mysql.* FROM ''@localhost -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
how to give a `root` mysql DB to each user ...
Frederic, Wednesday, January 30, 2002, 4:42:50 AM, you wrote: FT I`ll make myself more clear here ! FT I work for a small ISP, we give a MySQL DB access to each of our corpo FT users, if they request it. We just build new more performant machines, and FT instead of giving them only a Database, in which they can create as many FT tables as they want, we want to give them some sort `root` DB access, in FT which they can create as many DB as they want, and so forth. FT In a more graphical type of way to explain things, here is the structure FT of the mysql data we have ... FT in /var/lib/mysql ; FT [root@kalx mysql]# l FT total 32 FT drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 . FT drwxr-xr-x 13 root root 4096 Jan 17 09:13 .. FT drwx--2 mysqlmysql4096 Jan 29 16:43 mysql FT drwx--2 mysqlmysql4096 Jan 29 12:55 test FT drwx--2 mysqlmysql4096 Jan 29 16:59 user1 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user2 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user3 FT Now, each 'user*' is a DB, which is named after him, that can be accessed FT only by this particular user. In a sense, they are 'locked' in their own FT DB, and can create as many tables as they what, but they have to FT contact us to create yet another DB, for which we have to create another FT username + password ... We wish to grant them the priviledge of creating FT as much DB as they want. You can create user by using GRANT, something like this: GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION; or GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION; Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html FT There, I think I made myself clear enough =) FT Thanks for any help... -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: how to give a `root` mysql DB to each user ...
Thanks Victoria, but will not this be very very insecure ? I mean, by granting access to mysql DB, user could drop it, or grab a passwd from another user in there. Am I missing something ? Frederic Trudeau [A]dvanced [S]upport [A]gent Colocation/Customer Support Agent CAM Internet - http://www.cam.org My God ! It's full of stars On Wed, 30 Jan 2002, Victoria Reznichenko wrote: Frederic, Wednesday, January 30, 2002, 4:42:50 AM, you wrote: FT I`ll make myself more clear here ! FT I work for a small ISP, we give a MySQL DB access to each of our corpo FT users, if they request it. We just build new more performant machines, and FT instead of giving them only a Database, in which they can create as many FT tables as they want, we want to give them some sort `root` DB access, in FT which they can create as many DB as they want, and so forth. FT In a more graphical type of way to explain things, here is the structure FT of the mysql data we have ... FT in /var/lib/mysql ; FT [root@kalx mysql]# l FT total 32 FT drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 . FT drwxr-xr-x 13 root root 4096 Jan 17 09:13 .. FT drwx--2 mysqlmysql4096 Jan 29 16:43 mysql FT drwx--2 mysqlmysql4096 Jan 29 12:55 test FT drwx--2 mysqlmysql4096 Jan 29 16:59 user1 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user2 FT drwx--2 mysqlmysql4096 Jan 29 16:59 user3 FT Now, each 'user*' is a DB, which is named after him, that can be accessed FT only by this particular user. In a sense, they are 'locked' in their own FT DB, and can create as many tables as they what, but they have to FT contact us to create yet another DB, for which we have to create another FT username + password ... We wish to grant them the priviledge of creating FT as much DB as they want. You can create user by using GRANT, something like this: GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION; or GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION; Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html FT There, I think I made myself clear enough =) FT Thanks for any help... -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: how to give a `root` mysql DB to each user ...
Frederic, Wednesday, January 30, 2002, 4:56:11 PM, you wrote: FT Thanks Victoria, but will not this be very very insecure ? FT I mean, by granting access to mysql DB, user could drop it, FT or grab a passwd from another user in there. Am I missing FT something ? If you create user with privileges on all databases (*.*), you get access not only to user's databases but also to mysql db. It's impossible to create user with all privileges but exclude something you want. You set privileges on global level and statement like the following works using table user mysql db: GRANT ALL ON *.* TO ''@localhost If you want to take off grants from user on mysql.*, it will work on database level with table db mysql db: REVOKE UPDATE ON mysql.* FROM ''@localhost FT Frederic Trudeau FT My God ! It's full of stars FT On Wed, 30 Jan 2002, Victoria Reznichenko wrote: Frederic, Wednesday, January 30, 2002, 4:42:50 AM, you wrote: FT I`ll make myself more clear here ! FT I work for a small ISP, we give a MySQL DB access to each of our corpo FT users, if they request it. We just build new more performant machines, and FT instead of giving them only a Database, in which they can create as many FT tables as they want, we want to give them some sort `root` DB access, in FT which they can create as many DB as they want, and so forth. [skip] FT Now, each 'user*' is a DB, which is named after him, that can be accessed FT only by this particular user. In a sense, they are 'locked' in their own FT DB, and can create as many tables as they what, but they have to FT contact us to create yet another DB, for which we have to create another FT username + password ... We wish to grant them the priviledge of creating FT as much DB as they want. You can create user by using GRANT, something like this: GRANT ALL ON *.* TO ''@localhost WITH GRANT OPTION; or GRANT ALL ON *.* TO ''@'%' WITH GRANT OPTION; Get some more info at: http://www.mysql.com/doc/G/R/GRANT.html -- For technical support contracts, goto https://order.mysql.com/ This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
how to give a `root` mysql DB to each user ...
I`ll make myself more clear here ! I work for a small ISP, we give a MySQL DB access to each of our corpo users, if they request it. We just build new more performant machines, and instead of giving them only a Database, in which they can create as many tables as they want, we want to give them some sort `root` DB access, in which they can create as many DB as they want, and so forth. In a more graphical type of way to explain things, here is the structure of the mysql data we have ... in /var/lib/mysql ; [root@kalx mysql]# l total 32 drwxr-xr-x7 mysqlmysql4096 Jan 29 16:59 . drwxr-xr-x 13 root root 4096 Jan 17 09:13 .. drwx--2 mysqlmysql4096 Jan 29 16:43 mysql drwx--2 mysqlmysql4096 Jan 29 12:55 test drwx--2 mysqlmysql4096 Jan 29 16:59 user1 drwx--2 mysqlmysql4096 Jan 29 16:59 user2 drwx--2 mysqlmysql4096 Jan 29 16:59 user3 Now, each 'user*' is a DB, which is named after him, that can be accessed only by this particular user. In a sense, they are 'locked' in their own DB, and can create as many tables as they what, but they have to contact us to create yet another DB, for which we have to create another username + password ... We wish to grant them the priviledge of creating as much DB as they want. There, I think I made myself clear enough =) Thanks for any help... - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php