Hi, Nope, the Grant option is to allow the user using Grant command itself. A user with Grant privileges can give to anybody else the same rights he already possesses, but this GRANT option doesn't come with a "GRANT ALL PRIVILEGES". See https://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_grant-option I don't see what you mean by "assign rights to created databases" Jeremie.
If you're using the default parameter which makes mysql bind on 127.0.0.1, you only need to control who's able to connect to the machine with SSH. 2014-04-15 10:37 GMT+02:00 Jeremie BOUSQUET <[email protected]>: > Hello, > > I think GRANT right is needed, so xwiki db user can automatically assign > rights to created databases, isn't it ? > You have some ways to improve security, as using a strong password for > xwiki db user, limiting login from this specific server only, etc... > You could also give privilege needed to create new db only when you need it > (ie, you want to create a subwiki), and remove them afterwards (supposing > you control the subwiki creation process). > > BR, > Jeremie > > > 2014-04-14 19:17 GMT+02:00 Guillaume Fenollar < > [email protected]> > : > > > Hello, > > > > Giving "ALL PRIVILEGES" doesn't give the GRANT option, so basically, if > you > > run this command, it will give xwiki user all the rights, but to that one > > only. Beyond that, I don't see how the reload privilege could be > dangerous > > at all to give. > > > > The only way to make it more secure is to grant the rights for every > > database, one by one. > > > > We used to meet people having issues during wikis creations, because of > > lack of privileges, that's why the documentation directly advise to give > > all privileges to everything. So of course, you can also pick the > exclusive > > rights you want to grant, but since you need to do that for every > database, > > it may be a bit long. > > > > Good luck > > > > Guillaume > > > > > > 2014-04-14 9:43 GMT+02:00 Martin Hamant <[email protected]>: > > > > > Hi, > > > > > > It is mentioned in the documentation "Give all privileges to the xwiki > > > user for accessing and creating databases" - because the user to be > able > > to > > > create additional databases for sub-wikis ; but isn't it a little pushy > > to > > > give *all* the privileges (Grant, reload...) to the xwiki user ? > > > > > > How could I secure the xwiki mysql user account a little more ? > > > _______________________________________________ > > > users mailing list > > > [email protected] > > > http://lists.xwiki.org/mailman/listinfo/users > > > > > _______________________________________________ > > users mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/users > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
