sysadmin/linux/howto-mysql-common-tasks.txt

-------------------------------------------------------------------
$Id: howto-mysql-common-tasks.txt,v 1.1 2002/02/14 00:21:11 cvsjoko Exp $

$Log: howto-mysql-common-tasks.txt,v $
Revision 1.1  2002/02/14 00:21:11  cvsjoko
+ new

-------------------------------------------------------------------


=========================================================
    establish basic safety privileges
=========================================================

- we assume a running mysql-daemon, 
   else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
- run mysql-client: [root@host]# mysql (you should be logged in as "root")
- select database: mysql> use mysql;

- deny access for user "root" from the outer space (not localhost)
  mysql> delete from user where user='root' and host='%';
  mysql> flush privileges;
- assure everything is all right and you will be able to re-login again later ;)
  mysql> select * from user;
  --> there should be (as a minimum) an entry like ...
  --- snip ---
  | localhost | root |          | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
  --- snip ---
  ... which gives access-rights for user "root" at localhost with no password
- test for safety
  mysql> select * from user;
  --> there should be no other "root"-entry in the "user"-table then the one established above
  
  
=========================================================
    add new databases and grant access to them for new mysql-user-accounts
=========================================================

- we assume a running mysql-daemon, 
   else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
- run mysql-client: [root@host]# mysql (you should be logged in as "root")

- create database
  mysql> create database <databasename>;
  
- add new user
  mysql> use mysql;
  mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));

- grant access for local usage (e.g. from php- or cgi-scripts)
  mysql> use mysql;
  mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');

- apply changes to privileges
  mysql> flush privileges;

- test access to new database
  - logout from mysql in "root"-mode
  - login to mysql-daemon as newly created user using the new database
    mysql> mysql -u<username> -p<password> <databasename>
        or leave "<password>" empty for supplying the password invisible  ;)
  - this should work!
  
- TODO:
  - there should be a (perl-)script (perhaps there is already one coming with mysql) 
     to pass "databasename", "username" and "password" to, 
     which should execute the tasks described above non-interactively  ;)
     - note: use regression-checks
       - don't re-create database
       - if user already exists, just modify password!!!
       - don't accept empty arguments!
     - note: integrate into the gsn-framework (on the long term)
       - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location
         in order to be able to absolve all requests seamlessly without any user interaction
         
    
=========================================================
    add a "root-warrior" account
=========================================================
- this user should be able to to anything from remote side

  mysql> use mysql;
  mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y');
  mysql> flush privileges;

1	cvsjoko	1.2	-------------------------------------------------------------------
2			$Id: howto-mysql-common-tasks.txt,v 1.1 2002/02/14 00:21:11 cvsjoko Exp $
3
4			$Log: howto-mysql-common-tasks.txt,v $
5			Revision 1.1 2002/02/14 00:21:11 cvsjoko
6			+ new
7
8			-------------------------------------------------------------------
9
10
11			=========================================================
12			establish basic safety privileges
13			=========================================================
14
15			- we assume a running mysql-daemon,
16			else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
17			- run mysql-client: [root@host]# mysql (you should be logged in as "root")
18			- select database: mysql> use mysql;
19
20			- deny access for user "root" from the outer space (not localhost)
21			mysql> delete from user where user='root' and host='%';
22			mysql> flush privileges;
23			- assure everything is all right and you will be able to re-login again later ;)
24			mysql> select * from user;
25			--> there should be (as a minimum) an entry like ...
26			--- snip ---
27			\| localhost \| root \| \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \|
28			--- snip ---
29			... which gives access-rights for user "root" at localhost with no password
30			- test for safety
31			mysql> select * from user;
32			--> there should be no other "root"-entry in the "user"-table then the one established above
33
34
35			=========================================================
36			add new databases and grant access to them for new mysql-user-accounts
37			=========================================================
38
39			- we assume a running mysql-daemon,
40			else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
41			- run mysql-client: [root@host]# mysql (you should be logged in as "root")
42
43			- create database
44			mysql> create database <databasename>;
45
46			- add new user
47			mysql> use mysql;
48			mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));
49
50			- grant access for local usage (e.g. from php- or cgi-scripts)
51			mysql> use mysql;
52			mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');
53
54			- apply changes to privileges
55			mysql> flush privileges;
56
57			- test access to new database
58			- logout from mysql in "root"-mode
59			- login to mysql-daemon as newly created user using the new database
60			mysql> mysql -u<username> -p<password> <databasename>
61			or leave "<password>" empty for supplying the password invisible ;)
62			- this should work!
63
64			- TODO:
65			- there should be a (perl-)script (perhaps there is already one coming with mysql)
66			to pass "databasename", "username" and "password" to,
67			which should execute the tasks described above non-interactively ;)
68			- note: use regression-checks
69			- don't re-create database
70			- if user already exists, just modify password!!!
71			- don't accept empty arguments!
72			- note: integrate into the gsn-framework (on the long term)
73			- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location
74			in order to be able to absolve all requests seamlessly without any user interaction
75
76
77			=========================================================
78			add a "root-warrior" account
79			=========================================================
80			- this user should be able to to anything from remote side
81
82			mysql> use mysql;
83			mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y');
84			mysql> flush privileges;
85
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26