-------------------------------------------------------------------
  $Id$

  $Log$
-------------------------------------------------------------------


=========================================================
  establish basic safety privileges
=========================================================

- we assume a running mysql daemon;
  otherwise start it via "safe_mysqld" or (newer versions) "mysqld_safe" in the mysql/bin/ directory
- run the mysql client: [root@host]# mysql      (you should be logged in as "root")
- select database: mysql> use mysql;

- deny access for user "root" from outside (not localhost)
    mysql> delete from user where user='root' and host='%';
    mysql> flush privileges;
- make sure everything is all right and that you will be able to log in again later ;)
    mysql> select * from user;
    --> there should be (as a minimum) an entry like ...
    --- snip ---
    | localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
    --- snip ---
    ... which gives access rights to user "root" at localhost with no password
- test for safety
    mysql> select * from user;
    --> there should be no other "root" entry in the "user" table than the one established above


=========================================================
  add new databases and grant access to them for new mysql user accounts
=========================================================

- we assume a running mysql daemon;
  otherwise start it via "safe_mysqld" or (newer versions) "mysqld_safe" in the mysql/bin/ directory
- run the mysql client: [root@host]# mysql      (you should be logged in as "root")

- create database
    mysql> create database <databasename>;

- add new user
    mysql> use mysql;
    mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));

- grant access for local usage (e.g. from php or cgi scripts)
    mysql> use mysql;
    mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');

- apply changes to privileges
    mysql> flush privileges;

- test access to new database
    - log out of the mysql "root" session
    - log in to the mysql daemon as the newly created user, using the new database
        [user@host]$ mysql -u<username> -p<password> <databasename>
      or leave "<password>" empty (just "-p") to be prompted for the password without it being shown ;)
    - this should work!

- TODO:
    - there should be a (perl) script (perhaps one already ships with mysql)
      that takes "databasename", "username" and "password" as arguments
      and executes the tasks described above non-interactively ;)
        - note: use regression checks
            - don't re-create the database
            - if the user already exists, just modify the password!!!
            - don't accept empty arguments!
        - note: integrate into the gsn framework (in the long term)
    - user "service" should be able to access the mysqld daemon with root privileges from a remote location
      in order to be able to handle all requests seamlessly without any user interaction
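
An added example, not part of the original notes: one way to write the non-interactive script described in the TODO, as a shell script instead of perl. It reuses the statements from the steps above; the function names, the name whitelist and the delete-before-insert on the "db" table are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# Accept only non-empty names of letters, digits and underscore, so they can
# be placed into the SQL text without quoting problems.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Escape backslash and single quote for use inside a '...' SQL string.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# provision_sql <databasename> <username> <password> <user_exists: 0|1>
# Prints the SQL to run; returns 1 on empty or invalid arguments.
provision_sql() {
    valid_name "$1" && valid_name "$2" && [ -n "$3" ] || return 1
    pw=$(sql_quote "$3")
    echo "create database if not exists $1;"   # never re-creates the database
    echo "use mysql;"
    if [ "$4" = 1 ]; then
        # existing account: only modify the password
        printf "update user set password=password('%s') where host='localhost' and user='%s';\n" "$pw" "$2"
    else
        printf "insert into user (host, user, password) values ('localhost', '%s', password('%s'));\n" "$2" "$pw"
    fi
    # assumption: drop an earlier db row so a re-run does not hit a duplicate key
    echo "delete from db where host='localhost' and db='$1' and user='$2';"
    echo "insert into db values ('localhost', '$1', '$2', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');"
    echo "flush privileges;"
}

# Runs only when called with exactly three arguments (as root on the db host).
if [ "$#" -eq 3 ]; then
    valid_name "$2" || { echo "invalid username" >&2; exit 1; }
    n=$(mysql -N -e "select count(*) from mysql.user where host='localhost' and user='$2'") || exit 1
    sql=$(provision_sql "$1" "$2" "$3" "$n") || { echo "invalid arguments" >&2; exit 1; }
    printf '%s\n' "$sql" | mysql
fi
```

Passing the password as an argument exposes it in the process list while the script runs; reading it from a prompt or from a file readable only by root avoids that.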