1 |
------------------------------------------------------------------- |
------------------------------------------------------------------- |
2 |
$Id$ |
$Id$ |
3 |
|
|
4 |
$Log$ |
$Log$ |
5 |
Revision 1.1 2002/02/14 00:21:11 cvsjoko |
Revision 1.2 2002/09/14 16:23:13 cvsjoko |
6 |
+ new |
no message |
7 |
|
|
8 |
------------------------------------------------------------------- |
Revision 1.1 2002/02/14 00:21:11 cvsjoko |
9 |
|
+ new |
10 |
|
|
11 |
========================================================= |
------------------------------------------------------------------- |
12 |
establish basic safety privileges |
|
13 |
========================================================= |
|
14 |
|
========================================================= |
15 |
- we assume a running mysql-daemon, |
establish basic safety privileges |
16 |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
========================================================= |
17 |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
|
18 |
- select database: mysql> use mysql; |
- we assume a running mysql-daemon, |
19 |
|
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
20 |
- deny access for user "root" from the outer space (not localhost) |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
21 |
mysql> delete from user where user='root' and host='%'; |
- select database: mysql> use mysql; |
22 |
mysql> flush privileges; |
|
23 |
- assure everything is all right and you will be able to re-login again later ;) |
- deny access for user "root" from the outer space (not localhost) |
24 |
mysql> select * from user; |
mysql> delete from user where user='root' and host='%'; |
25 |
--> there should be (as a minimum) an entry like ... |
mysql> flush privileges; |
26 |
--- snip --- |
- assure everything is all right and you will be able to re-login again later ;) |
27 |
| localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |
mysql> select * from user; |
28 |
--- snip --- |
--> there should be (as a minimum) an entry like ... |
29 |
... which gives access-rights for user "root" at localhost with no password |
--- snip --- |
30 |
- test for safety |
| localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |
31 |
mysql> select * from user; |
--- snip --- |
32 |
--> there should be no other "root"-entry in the "user"-table then the one established above |
... which gives access-rights for user "root" at localhost with no password |
33 |
|
- test for safety |
34 |
|
mysql> select * from user; |
35 |
========================================================= |
--> there should be no other "root"-entry in the "user"-table then the one established above |
36 |
add new databases and grant access to them for new mysql-user-accounts |
|
37 |
========================================================= |
|
38 |
|
========================================================= |
39 |
- we assume a running mysql-daemon, |
add new databases and grant access to them for new mysql-user-accounts |
40 |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
========================================================= |
41 |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
|
42 |
|
- we assume a running mysql-daemon, |
43 |
- create database |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
44 |
mysql> create database <databasename>; |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
45 |
|
|
46 |
- add new user |
- create database |
47 |
mysql> use mysql; |
mysql> create database <databasename>; |
48 |
mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>')); |
|
49 |
|
- add new user |
50 |
- grant access for local usage (e.g. from php- or cgi-scripts) |
mysql> use mysql; |
51 |
mysql> use mysql; |
mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>')); |
52 |
mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); |
|
53 |
|
- grant access for local usage (e.g. from php- or cgi-scripts) |
54 |
- apply changes to privileges |
mysql> use mysql; |
55 |
mysql> flush privileges; |
mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); |
56 |
|
|
57 |
- test access to new database |
- apply changes to privileges |
58 |
- logout from mysql in "root"-mode |
mysql> flush privileges; |
59 |
- login to mysql-daemon as newly created user using the new database |
|
60 |
mysql> mysql -u<username> -p<password> <databasename> |
- test access to new database |
61 |
or leave "<password>" empty for supplying the password invisible ;) |
- logout from mysql in "root"-mode |
62 |
- this should work! |
- login to mysql-daemon as newly created user using the new database |
63 |
|
mysql> mysql -u<username> -p<password> <databasename> |
64 |
- TODO: |
or leave "<password>" empty for supplying the password invisible ;) |
65 |
- there should be a (perl-)script (perhaps there is already one coming with mysql) |
- this should work! |
66 |
to pass "databasename", "username" and "password" to, |
|
67 |
which should execute the tasks described above non-interactively ;) |
- TODO: |
68 |
- note: use regression-checks |
- there should be a (perl-)script (perhaps there is already one coming with mysql) |
69 |
- don't re-create database |
to pass "databasename", "username" and "password" to, |
70 |
- if user already exists, just modify password!!! |
which should execute the tasks described above non-interactively ;) |
71 |
- don't accept empty arguments! |
- note: use regression-checks |
72 |
- note: integrate into the gsn-framework (on the long term) |
- don't re-create database |
73 |
- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location |
- if user already exists, just modify password!!! |
74 |
in order to be able to absolve all requests seamlessly without any user interaction |
- don't accept empty arguments! |
75 |
|
- note: integrate into the gsn-framework (on the long term) |
76 |
|
- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location |
77 |
|
in order to be able to absolve all requests seamlessly without any user interaction |
78 |
|
|
79 |
|
|
80 |
|
========================================================= |
81 |
|
add a "root-warrior" account |
82 |
|
========================================================= |
83 |
|
- this user should be able to to anything from remote side |
84 |
|
|
85 |
|
mysql> use mysql; |
86 |
|
mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y'); |
87 |
|
mysql> flush privileges; |
88 |
|
|
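Review bot: The added "root-warrior" section (rows 80–88, new side) creates `patman_warrior` with host `'%'` and the literal password `password('pw')`. That reintroduces the any-host privileged login which the first section of this same document removes for `root`, and it records a guessable credential in version control. I would bind the account to the single administration host and keep the placeholder style the earlier sections already use, e.g. `insert into user (host, user, password, …) values ('<admin-host>', 'patman_warrior', password('<password>'), …);`. Naming the columns matters as well: the positional `values (...)` list assigns fourteen privilege flags by position, so it grants different rights without warning if the `user` table layout differs between MySQL versions. Which column of the page is the new revision is inferred from the `Revision 1.2` log entry, since the rendering carries no +/- markers.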