List: General Discussion
From: tcobb Date: April 14 1999 3:11pm
Subject: RE: privileges system - deny list of databases
Actually, we do this with a very simple patch to the
source code distribution of MySQL.  We decided to
link the privileges for "shutdown" and that of 
"show databases" because we restrict shutdown
privileges to just network staff.

Here's the patch:

*** sql_parse.cc.orig   Mon Feb  1 07:10:03 1999
--- sql_parse.cc        Mon Feb  1 07:10:41 1999
***************
*** 898,903 ****
--- 898,910 ----
      send_error(&thd->net,ER_NOT_ALLOWED_COMMAND);     /* purecov:
inspected */
      DBUG_VOID_RETURN;
  #else
+     /* TAC:  BestHost change - we add a restriction on the show_databases
+                 command, don't want just anyone knowing that stuff...
+                 easiest thing to do is, if you can shutdown the server
+                 you can see the clients :)
+     */
+     if (check_access(thd,SHUTDOWN_ACL,any_db))
+         goto error;
      res= mysqld_show_dbs(thd, (lex->wild ? lex->wild->ptr() : NullS));
      break;
  #endif
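
Review bot: The added `if (check_access(thd,SHUTDOWN_ACL,any_db))` test in front of `mysqld_show_dbs` reuses the shutdown privilege as the gate for listing databases, so any account that legitimately needs the list must also be allowed to stop the server, and the two rights can no longer be granted separately. A dedicated privilege bit for this command would keep shutdown limited to the staff who need it. The test is also all-or-nothing: it looks only at `SHUTDOWN_ACL`, so a user with full rights on one database is refused the entire listing, their own database included. Filtering the names passed back by `mysqld_show_dbs` to those the caller has some privilege on would hide the other databases without that side effect. The new comment says "you can see the clients" while the guarded call lists databases; reword it to state what is restricted. Because this is a local change to `sql_parse.cc`, note in the comment that it has to be reapplied on every upgrade of the source distribution.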


-Troy Cobb
 Circle Net, Inc.
 http://www.circle.net

>   -----Original Message-----
>   From: Paul DuBois [mailto:paul@stripped]
>   Sent: Wednesday, April 14, 1999 11:04 AM
>   To: Paul Schwarzl
>   Cc: mysql@stripped
>   Subject: Re: privileges system - deny list of databases
>   
>   
>   >Hi there!
>   >
>   >Is it possible (with the mysql-priv.system) to create a user, who has full
>   >access priv. to one database, but is unable to list all the other databases?
>   >(Means: this user should not see that there are other databases at all)
>   
>   No, not if you're talking about a single-server setup.
>   
>   You would have to run a second server (on a separate port, say), and allow
>   that user to connect to the second server but not the first.
>   
>   --
>   Paul DuBois, paul@stripped
>   Northern League Chronicles: http://www.snake.net/nl/
>   