Jeremy Zawodny wrote:
> On Wed, Apr 02, 2003 at 01:46:00PM -0800, Chris Jaeger wrote:
>
>>Hi all,
>>
>> I'm wondering if there is some way to setup privileges in the grant
>>tables such that a user can create or drop any arbitrary table in
>>databases that user is associated with, but be unable to create or drop
>>the databases themselves. I was hoping the tables_priv table would come
>>to my rescue, but the MySQL documentation claims that you can't specify
>>wildcards in the table_name column.
>
>
> Give them CREATE and DROP privileges on the databases you'd like them
> to be able to mess with.
>
Thanks Jeremy, but I'm still having trouble. Perhaps I am setting this
up wrong, but this doesn't seem to work. Assume that I have a user foo
who wishes to use a database bar. Here is what I execute:
CREATE DATABASE bar;
GRANT SELECT, INSERT, DELETE, DROP, CREATE, UPDATE, INDEX, ALTER
ON bar.*
TO foo@localhost IDENTIFIED BY 'pass';
After this has gone through, I can see that the user foo has no
privileges in the user table, and only the granted privileges in the db
table. However, when connecting as the user foo, I can still execute the
commands:
DROP DATABASE bar;
CREATE DATABASE bar;
and they work. The user foo can't create/drop any other databases, but
he can do this to bar, which unfortunately is not acceptable for my
application (we are using symbolic links to database directories, and
this sequence allows the user to remove the symlink and recreate the
database under /var/lib/mysql, which is the data directory on our server).
Any advice is appreciated.
Regards,
Chris
