List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:April 14 1999 9:17pm
Subject:RE: privileges system - deny list of databases
View as plain text  
>>>>> "tcobb" == tcobb  <tcobb@stripped> writes:

tcobb> Actually, we do this with a very simple patch to the
tcobb> source code distribution of MySQL.  We decided to
tcobb> link the privileges for "shutdown" and that of 
tcobb> "show databases" because we restrict shutdown
tcobb> privileges to just network staff.

tcobb> Here's the patch:

tcobb> ***   Mon Feb  1 07:10:03 1999
tcobb> ---        Mon Feb  1 07:10:41 1999
tcobb> ***************
tcobb> *** 898,903 ****
tcobb> --- 898,910 ----
tcobb>       send_error(&thd->net,ER_NOT_ALLOWED_COMMAND);     /* purecov:
tcobb> inspected */
tcobb>       DBUG_VOID_RETURN;
tcobb>   #else
tcobb> +     /* TAC:  BestHost change - we add a restriction on the show_databases
tcobb> +                 command, don't want just anyone knowing that stuff...
tcobb> +                 easiest thing to do is, if you can shutdown the server
tcobb> +                 you can see the clients :)
tcobb> +     */
tcobb> +     if (check_access(thd,SHUTDOWN_ACL,any_db))
tcobb> +         goto error;
tcobb>       res= mysqld_show_dbs(thd, (lex->wild ? lex->wild->ptr() :
> NullS));
tcobb>       break;
tcobb>   #endif



I have now in MySQL 3.23 added an option start option that allowed one 
to enable the above code.  The only change is that I decided to use
the PROCESS_PRIV privilege instead (most other super-user stuff is
done with this privilege).

privileges system - deny list of databasesPaul Schwarzl14 Apr
  • Re: privileges system - deny list of databasesPaul DuBois14 Apr
RE: privileges system - deny list of databasestcobb14 Apr
  • RE: privileges system - deny list of databasesMichael Widenius15 Apr