1 |
cvsjoko |
1.1 |
------------------------------------------------------------------- |
$Id$ |
|
$Log$ |
------------------------------------------------------------------- |
|
|
========================================================= |
establish basic safety privileges |
========================================================= |
|
- we assume a running mysql-daemon, |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
- select database: mysql> use mysql; |
|
- deny access for user "root" from outside (any host other than localhost) |
mysql> delete from user where user='root' and host='%'; |
mysql> flush privileges; |
- make sure everything is all right and that you will still be able to log in again later ;) |
mysql> select * from user; |
--> there should be (as a minimum) an entry like ... |
--- snip --- |
| localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |
--- snip --- |
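... which gives access-rights for user "root" at localhost with no password |
(an empty password column means every local account on this host can connect as mysql-"root"; once the login is confirmed, set one, e.g. mysql> set password for root@localhost = password('<password>');) |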
- test for safety |
mysql> select * from user; |
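--> there should be no other "root"-entry in the "user"-table than the one established above |
--> also look for rows with an empty "user"-column (anonymous accounts, which some default installations create) and remove them if they are not needed |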
|
|
========================================================= |
add new databases and grant access to them for new mysql-user-accounts |
========================================================= |
|
- we assume a running mysql-daemon, |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
|
- create database |
mysql> create database <databasename>; |
|
- add new user |
mysql> use mysql; |
mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>')); |
|
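- grant access for local usage (e.g. from php- or cgi-scripts) |
(the insert below names no columns, so the 'Y'/'N' flags are positional: compare them with "describe db;" for the installed mysql-version before running it) |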
mysql> use mysql; |
mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); |
|
- apply changes to privileges |
mysql> flush privileges; |
|
- test access to new database |
- logout from mysql in "root"-mode |
- login to mysql-daemon as newly created user using the new database |
[user@host]$ mysql -u<username> -p<password> <databasename> |
or give "-p" without "<password>" to be prompted for it, so that the password stays out of the shell history and the process list ;) |
- this should work! |
|
- TODO: |
- there should be a (perl-)script (perhaps there is already one coming with mysql) |
to pass "databasename", "username" and "password" to, |
which should execute the tasks described above non-interactively ;) |
- note: use regression-checks |
- don't re-create database |
- if user already exists, just modify password!!! |
- don't accept empty arguments! |
- note: integrate into the gsn-framework (on the long term) |
- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location |
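in order to be able to carry out all requests seamlessly without any user interaction |
(note: this re-opens the remote administrative access that was removed for "root" above, so the account needs a password and a fixed host-entry instead of '%') |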
|
|