Re: User can see all databases...

2005-12-19 Thread William R. Dickson
This did the trick. Many thanks. I had found that option, but  
misinterpreted what I read; I thought it was only available in 4.x.


Thanks again!

-Bill

On Dec 14, 2005, at 6:59 PM, Michael Stassen wrote:


> William R. Dickson wrote:
>> OK, I strongly suspect I've just done something stupid here, but I'm
>> having trouble figuring it out. I had a disk go bad on a MySQL server
>> this past weekend. I did a clean system install (FreeBSD 5.4) on a
>> new disk, installed the MySQL 3.23 port, and restored the mysql data
>> directory from backup. Everything is working fine...except now, every
>> user is able to get a list of every database on the system. They
>> can't actually use the databases, but I'd rather they couldn't get
>> the list, either.
>>
>> Following some suggestions I found in the list archives, I did a SHOW
>> GRANTS and found the following (database names match usernames):
>>
>> GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD 'blablabla'
>> GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'
>>
>> I suspect that the problem lies with every user having USAGE
>> privileges on every database (although entering use otherusername;
>> returns an error indicating the user has no permissions to read the
>> database). However, I can't seem to revoke these privileges. I can't
>> even find the privilege in any of the tables.
>>
>> Can someone point my addled brain in the right direction here?
>>
>> Thanks!
>>
>> -Bill
>
> I know it is counter-intuitive, but USAGE means no privileges. In
> 3.23, seeing all databases is the default behavior, turned off by
> starting mysqld with the --skip-show-database option. This changed
> to the behavior you are expecting in 4.0.2.
>
> See the manual for more
> http://dev.mysql.com/doc/refman/4.1/en/show-databases.html.
>
> Michael

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]







Re: User can see all databases...

2005-12-19 Thread William R. Dickson
OK, I spoke a little too soon. Users can no longer list all  
databases, which is great. Unfortunately, they also can't list their  
own, resulting in errors when they log into phpMyAdmin:

SQL-query: SHOW DATABASES ;

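MySQL said: #1045 - Access denied for user: '[EMAIL PROTECTED]' (Using password: YES)


mysql> SHOW GRANTS FOR 'username'@'%';
+-------------------------------------------------------------------------+
| Grants for username@%                                                   |
+-------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD 'blablabla' |
| GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'                  |
+-------------------------------------------------------------------------+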


OK, the documentation says:

If the server was started with the --skip-show-database option, you  
cannot use this statement at all unless you have the SHOW DATABASES  
privilege.


From what I can tell, however, I can't grant the SHOW DATABASES  
privilege to a user for his own databases in 3.x.


Is there any way in 3.x to allow a user to list ONLY his own  
databases? The ultimate problem is this: we have a number of users  
with Lasso code that is getting confused when it can see the full  
list (plus, we'd just rather people not be able to do that). So we  
needed to disable show databases to get Lasso working properly.  
Unfortunately, we also need phpMyAdmin to work properly, and it seems  
to have problems if this feature is disabled.


Thanks,

-Bill


On Dec 19, 2005, at 7:34 AM, William R. Dickson wrote:

> This did the trick. Many thanks. I had found that option, but
> misinterpreted what I read; I thought it was only available in 4.x.
>
> Thanks again!
>
> -Bill
>
> On Dec 14, 2005, at 6:59 PM, Michael Stassen wrote:
>
>> William R. Dickson wrote:
>>> OK, I strongly suspect I've just done something stupid here, but I'm
>>> having trouble figuring it out. I had a disk go bad on a MySQL server
>>> this past weekend. I did a clean system install (FreeBSD 5.4) on a
>>> new disk, installed the MySQL 3.23 port, and restored the mysql data
>>> directory from backup. Everything is working fine...except now, every
>>> user is able to get a list of every database on the system. They
>>> can't actually use the databases, but I'd rather they couldn't get
>>> the list, either.
>>>
>>> Following some suggestions I found in the list archives, I did a SHOW
>>> GRANTS and found the following (database names match usernames):
>>>
>>> GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD 'blablabla'
>>> GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'
>>>
>>> I suspect that the problem lies with every user having USAGE
>>> privileges on every database (although entering use otherusername;
>>> returns an error indicating the user has no permissions to read the
>>> database). However, I can't seem to revoke these privileges. I can't
>>> even find the privilege in any of the tables.
>>>
>>> Can someone point my addled brain in the right direction here?
>>>
>>> Thanks!
>>>
>>> -Bill
>>
>> I know it is counter-intuitive, but USAGE means no privileges. In
>> 3.23, seeing all databases is the default behavior, turned off by
>> starting mysqld with the --skip-show-database option. This changed
>> to the behavior you are expecting in 4.0.2.
>>
>> See the manual for more
>> http://dev.mysql.com/doc/refman/4.1/en/show-databases.html.
>>
>> Michael




User can see all databases...

2005-12-14 Thread William R. Dickson
OK, I strongly suspect I've just done something stupid here, but I'm  
having trouble figuring it out. I had a disk go bad on a MySQL server  
this past weekend. I did a clean system install (FreeBSD 5.4) on a  
new disk, installed the MySQL 3.23 port, and restored the mysql data  
directory from backup. Everything is working fine...except now, every  
user is able to get a list of every database on the system. They  
can't actually use the databases, but I'd rather they couldn't get  
the list, either.


Following some suggestions I found in the list archives, I did a SHOW  
GRANTS and found the following (database names match usernames):



GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD 'blablabla'
GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'

I suspect that the problem lies with every user having USAGE
privileges on every database (although entering use otherusername;
returns an error indicating the user has no permissions to read the
database). However, I can't seem to revoke these privileges. I can't
even find the privilege in any of the tables.


Can someone point my addled brain in the right direction here?

Thanks!

-Bill





Re: User can see all databases...

2005-12-14 Thread Michael Stassen

William R. Dickson wrote:
> OK, I strongly suspect I've just done something stupid here, but I'm
> having trouble figuring it out. I had a disk go bad on a MySQL server
> this past weekend. I did a clean system install (FreeBSD 5.4) on a
> new disk, installed the MySQL 3.23 port, and restored the mysql data
> directory from backup. Everything is working fine...except now, every
> user is able to get a list of every database on the system. They
> can't actually use the databases, but I'd rather they couldn't get
> the list, either.
>
> Following some suggestions I found in the list archives, I did a SHOW
> GRANTS and found the following (database names match usernames):
>
> GRANT USAGE ON *.* TO 'username'@'%' IDENTIFIED BY PASSWORD 'blablabla'
> GRANT ALL PRIVILEGES ON `username`.* TO 'username'@'%'
>
> I suspect that the problem lies with every user having USAGE
> privileges on every database (although entering use otherusername;
> returns an error indicating the user has no permissions to read the
> database). However, I can't seem to revoke these privileges. I can't
> even find the privilege in any of the tables.
>
> Can someone point my addled brain in the right direction here?
>
> Thanks!
>
> -Bill


I know it is counter-intuitive, but USAGE means no privileges.  In 3.23, 
seeing all databases is the default behavior, turned off by starting mysqld with 
the --skip-show-database option.  This changed to the behavior you are expecting 
in 4.0.2.


See the manual for more 
http://dev.mysql.com/doc/refman/4.1/en/show-databases.html.


Michael
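
The grant-table view of the reply above, as an added example that is not part of the original thread: these queries show where the two grants from the SHOW GRANTS output are stored, and how to audit the SHOW DATABASES privilege on a 4.0.2 or later server. The account name 'username' is the placeholder used in the thread.

```sql
-- Added example, not from the thread. 'username' is the placeholder
-- account name used in the SHOW GRANTS output above.

-- 1. USAGE is not stored anywhere as a privilege. The account is a row in
--    mysql.user whose global privilege columns are all 'N', which is why
--    there is nothing to revoke and nothing to find in the tables.
SELECT Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv, Grant_priv
  FROM mysql.user
 WHERE User = 'username';

-- 2. GRANT ALL PRIVILEGES ON `username`.* is a row in mysql.db, scoped to
--    that one database. A row here with an unexpected Db value (or a
--    wildcard such as '%') is worth reviewing.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM mysql.db
 WHERE User = 'username';

-- 3. Servers at 4.0.2 or later only (the column does not exist in 3.23):
--    accounts that hold the global SHOW DATABASES privilege and can
--    therefore list every database.
SELECT Host, User
  FROM mysql.user
 WHERE Show_db_priv = 'Y';

-- 4. Remove it from an account that should not list every database
--    (4.0.2 or later).
REVOKE SHOW DATABASES ON *.* FROM 'username'@'%';
```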
