Adam Chlipala wrote:
> We don't know how to grant users permissions to drop tables from MySQL
> databases without letting them drop whole databases. We can't allow the
> latter because MySQL keeps permissions around, even after the databases
> they refer to are dropped. Going through dbtool, a user can only create
> databases in his AFS space. If he can drop that database and has the
> permissions to re-create it, it will be created in the default location,
> the partition housing /var/lib/mysql, and thus not subject to the user's
> database quota, allowing him to overrun /var. Anyone have a solution to
> suggest?
>

Is there any way that we could set restrictive permissions in all or part of /var/lib/mysql such that a CREATE command issued through the default mysql tool would fail?

> We also need to figure out access control policies. For MySQL, this
> takes the form of choosing the latter part of [EMAIL PROTECTED]
> usernames. The current code is using [EMAIL PROTECTED], but we will of
> course want to allow users logged into mire to access their databases on
> deleuze. What do y'all think about 69.90.123.% as the hostname part,
> which allows connections from servers in our little subnety thing
> (though it will also allow others at the same colo, since we don't own
> the whole fourth part of the IP address range).
>

The MySQL documentation says that a netmask can be specified, which would allow us to say that only our small portion of the IP space can connect to the db server. It would be just a simple modification of the hostname that you mentioned above. See this page for more details:

http://dev.mysql.com/doc/refman/5.0/en/connection-access.html

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
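
The difference between the two host forms discussed above, modelled in Python as an added example (not code from the thread or from MySQL). The `/255.255.255.192` block and both sample client addresses are constructed, since the thread does not say which part of 69.90.123.x belongs to the co-op; the model also assumes the server honours a mask narrower than 24 bits, which should be checked against the manual for the version in use.

```python
import ipaddress
import re


def host_matches(pattern: str, client_ip: str) -> bool:
    """Model how the host part of a MySQL account is compared with a client IPv4 address."""
    if "/" in pattern:
        # ip/netmask form: the account matches when (client_ip & netmask) == ip.
        base, mask = pattern.split("/", 1)
        base_i = int(ipaddress.IPv4Address(base))
        mask_i = int(ipaddress.IPv4Address(mask))
        return (int(ipaddress.IPv4Address(client_ip)) & mask_i) == base_i
    # Wildcard form: % matches any run of characters, _ matches exactly one.
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, client_ip) is not None


def admitted(pattern: str, network: str) -> list[str]:
    """Return every address in `network` that the host pattern would let connect."""
    return [
        str(ip)
        for ip in ipaddress.IPv4Network(network)
        if host_matches(pattern, str(ip))
    ]


WILDCARD = "69.90.123.%"                  # host part proposed in the message
NETMASK = "69.90.123.64/255.255.255.192"  # constructed: hypothetical co-op allocation
OURS = "69.90.123.70"                     # constructed: hypothetical co-op server
NEIGHBOUR = "69.90.123.200"               # constructed: another customer at the colo

if __name__ == "__main__":
    for pattern in (WILDCARD, NETMASK):
        hosts = admitted(pattern, "69.90.123.0/24")
        print(f"{pattern}: admits {len(hosts)} addresses, "
              f"ours={OURS in hosts}, neighbour={NEIGHBOUR in hosts}")
```

A host written with address bits outside its own mask (for example `69.90.123.65/255.255.255.192`) matches no client at all, so the base address must be the masked network address.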
