Actually, we do this with a very simple patch to the
source code distribution of MySQL. We decided to
link the privileges for "shutdown" and that of
"show databases" because we restrict shutdown
privileges to just network staff.
Here's the patch:
*** sql_parse.cc.orig Mon Feb 1 07:10:03 1999
--- sql_parse.cc Mon Feb 1 07:10:41 1999
*** 898,903 ****
--- 898,910 ----
send_error(&thd->net,ER_NOT_ALLOWED_COMMAND); /* purecov:
+ /* TAC: BestHost change - we add a restriction on the show_databases
+ command, don't want just anyone knowing that stuff...
+ easiest thing to do is, if you can shutdown the server
+ you can see the clients :)
+ if (check_access(thd,SHUTDOWN_ACL,any_db))
+ goto error;
res= mysqld_show_dbs(thd, (lex->wild ? lex->wild->ptr() : NullS));
Circle Net, Inc.
> -----Original Message-----
> From: Paul DuBois [mailto:paul@stripped]
> Sent: Wednesday, April 14, 1999 11:04 AM
> To: Paul Schwarzl
> Cc: mysql@stripped
> Subject: Re: privileges system - deny list of databases
> >Hi there!
> >Is it possibly (with the mysql-priv.system) to create a
> user, who has full
> >access priv. to one database, but is unable to list all
> other the databases?
> >(Means: this user should not see that there are other
> databases at all)
> No, not if you're talking about a single-server setup.
> You would have to run a second server (on a separate port,
> say), and allow
> that user to connect to the second server but not the first.
> Paul DuBois, paul@stripped
> Northern League Chronicles: http://www.snake.net/nl/
> Please check
> "http://www.mysql.com/Manual_chapter/manual_toc.html" before
> posting. To request this thread, e-mail
> To unsubscribe, send a message to the address shown in the
> List-Unsubscribe header of this message. If you cannot see it,
> e-mail mysql-unsubscribe@stripped instead.