Here is a (stripped) list of steps needed to recreate this problem.

---------------------------------------------------------------------------
# mysql -u root -p
......
mysql> CREATE DATABASE `user_db`;
Query OK, 1 row affected (0.00 sec)

mysql> USE mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

mysql> INSERT INTO user (Host, User) VALUES ('localhost', 'user_db_mgr');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO db (Host, User, Db, Create_priv) VALUES ('localhost',
'user_db_mgr', 'user_db', 'Y');
Query OK, 1 row affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye

# mysql -u user_db_mgr
......
mysql> CREATE DATABASE `user?db`;
Query OK, 1 row affected (0.00 sec)
---------------------------------------------------------------------------

From the above, you can see that this new unprivileged user was able to
create a database with a specific name.  No other name was found to work.
This user should only be able to create _tables_ in the assigned database,
but it seems that the Create_priv permission somehow extends to allow this
user to create this database as well.

This is all done on MySQL 3.23.52/gcc 2.95.3/glibc-2.2.5/linux 2.4.19 (RH
7.3)

(please cc: me on replies -- I am not subscribed).

---max kalika
[EMAIL PROTECTED]
-lsit systems administrator
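
Added example, not part of the original message: MySQL treats `_` and `%` in the Db column of the mysql.db grant table as LIKE-style wildcards, so a row with Db = 'user_db' is a pattern rather than a literal name. The Python model below (function names and sample rows are constructed for illustration, and exact-case matching is an assumption) reproduces that matching and flags grant rows that need the `\_` escape.

```python
import re


def grant_pattern_to_regex(pattern):
    """Translate a mysql.db Db value into a regex using LIKE-style rules."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        if ch == "_":
            out.append(".")       # exactly one arbitrary character
        elif ch == "%":
            out.append(".*")      # any run of characters, including none
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def db_matches(pattern, db_name):
    """True if a grant row with this Db value applies to db_name."""
    return grant_pattern_to_regex(pattern).fullmatch(db_name) is not None


def unescaped_wildcards(pattern):
    """Return (index, char) for each wildcard not preceded by a backslash."""
    found, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            i += 2
            continue
        if pattern[i] in "_%":
            found.append((i, pattern[i]))
        i += 1
    return found


def audit(rows):
    """rows: (Host, User, Db) tuples; return those whose Db acts as a pattern."""
    return [(h, u, d, unescaped_wildcards(d)) for h, u, d in rows
            if unescaped_wildcards(d)]


# Constructed sample rows: the grant from the report and its escaped form.
SAMPLE_ROWS = [("localhost", "user_db_mgr", "user_db"),
               ("localhost", "user_db_mgr", "user\\_db")]

if __name__ == "__main__":
    for name in ("user_db", "user?db", "users_db"):
        print(name, db_matches("user_db", name), db_matches("user\\_db", name))
    print(audit(SAMPLE_ROWS))
```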
