List:General Discussion« Previous MessageNext Message »
From:Chris Jaeger Date:April 4 2003 2:14am
Subject:Re: How to prevent a user from dropping/creating a database
View as plain text  

Jeremy Zawodny wrote:
> On Wed, Apr 02, 2003 at 01:46:00PM -0800, Chris Jaeger wrote:
> 
>>Hi all,
>>
>>	I'm wondering if there is some way to setup privileges in the grant 
>>tables such that a user can create or drop any arbitrary table in 
>>databases that user is associated with, but be unable to create or drop 
>>the databases themselves. I was hoping the tables_priv table would come 
>>to my rescue, but the MySQL documentation claims that you can't specify 
>>wildcards in the table_name column.
> 
> 
> Give them CREATE and DROP privileges on the databases you'd like them
> to be able to mess with.
> 

	Thanks Jeremy, but I'm still having trouble. Perhaps I am setting this 
up wrong, but this doesn't seem to work. Assume that I have a user foo 
who wishes to use a database bar. Here is what I execute:

CREATE DATABASE bar;
GRANT SELECT, INSERT, DELETE, DROP, CREATE, UPDATE, INDEX, ALTER
       ON bar.*
       TO foo@localhost IDENTIFIED BY 'pass';

	After this has gone through, I can see that the user foo has no 
privileges in the user table, and only the granted privileges in the db 
table. However, when connecting as the user foo, I can still execute the 
commands:

DROP DATABASE bar;
CREATE DATABASE bar;

	and they work. The user foo can't create/drop any other databases, but 
he can do this to bar, which unfortunately is not acceptable for my 
application (we are using symbolic links to database directories, and 
this sequence allows the user to remove the symlink and recreate the 
database under /var/lib/mysql, which is the data directory on our server).

	Any advice is appreciated.

Regards,
Chris

Thread
How to prevent a user from dropping/creating a databaseChris Jaeger2 Apr
  • Re: How to prevent a user from dropping/creating a databaseJeremy Zawodny4 Apr
  • Re: How to prevent a user from dropping/creating a databaseChris Jaeger4 Apr