From: Michael Widenius Date: April 14 1999 9:17pm Subject: RE: privileges system - deny list of databases List-Archive: http://lists.mysql.com/mysql/1858 Message-Id: <14101.1409.946388.920157@monty.pp.sci.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit >>>>> "tcobb" == tcobb writes: tcobb> Actually, we do this with a very simple patch to the tcobb> source code distribution of MySQL. We decided to tcobb> link the privileges for "shutdown" and that of tcobb> "show databases" because we restrict shutdown tcobb> privileges to just network staff. tcobb> Here's the patch: tcobb> *** sql_parse.cc.orig Mon Feb 1 07:10:03 1999 tcobb> --- sql_parse.cc Mon Feb 1 07:10:41 1999 tcobb> *************** tcobb> *** 898,903 **** tcobb> --- 898,910 ---- tcobb> send_error(&thd->net,ER_NOT_ALLOWED_COMMAND); /* purecov: tcobb> inspected */ tcobb> DBUG_VOID_RETURN; tcobb> #else tcobb> + /* TAC: BestHost change - we add a restriction on the show_databases tcobb> + command, don't want just anyone knowing that stuff... tcobb> + easiest thing to do is, if you can shutdown the server tcobb> + you can see the clients :) tcobb> + */ tcobb> + if (check_access(thd,SHUTDOWN_ACL,any_db)) tcobb> + goto error; tcobb> res= mysqld_show_dbs(thd, (lex->wild ? lex->wild->ptr() : NullS)); tcobb> break; tcobb> #endif Hi! I have now in MySQL 3.23 added an option start option that allowed one to enable the above code. The only change is that I decided to use the PROCESS_PRIV privilege instead (most other super-user stuff is done with this privilege). Regards, Monty