/[cvs]/nfo/doc/computing/sysadmin/linux/howto-mysql-common-tasks.txt
ViewVC logotype

Diff of /nfo/doc/computing/sysadmin/linux/howto-mysql-common-tasks.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1.1 by cvsjoko, Thu Feb 14 00:21:11 2002 UTC revision 1.2 by cvsjoko, Sat Sep 14 16:23:13 2002 UTC
# Line 1  Line 1 
1  -------------------------------------------------------------------  -------------------------------------------------------------------
2  $Id$  $Id$
3    
4  $Log$  $Log$
5  Revision 1.1  2002/02/14 00:21:11  cvsjoko  Revision 1.2  2002/09/14 16:23:13  cvsjoko
6  + new  no message
7    
8  -------------------------------------------------------------------  Revision 1.1  2002/02/14 00:21:11  cvsjoko
9    + new
10    
11  =========================================================  -------------------------------------------------------------------
12      establish basic safety privileges  
13  =========================================================  
14    =========================================================
15  - we assume a running mysql-daemon,      establish basic safety privileges
16     else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory  =========================================================
17  - run mysql-client: [root@host]# mysql (you should be logged in as "root")  
18  - select database: mysql> use mysql;  - we assume a running mysql-daemon,
19       else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
20  - deny access for user "root" from the outer space (not localhost)  - run mysql-client: [root@host]# mysql (you should be logged in as "root")
21    mysql> delete from user where user='root' and host='%';  - select database: mysql> use mysql;
22    mysql> flush privileges;  
23  - assure everything is all right and you will be able to re-login again later ;)  - deny access for user "root" from the outer space (not localhost)
24    mysql> select * from user;    mysql> delete from user where user='root' and host='%';
25    --> there should be (as a minimum) an entry like ...    mysql> flush privileges;
26    --- snip ---  - assure everything is all right and you will be able to re-login again later ;)
27    | localhost | root |          | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |    mysql> select * from user;
28    --- snip ---    --> there should be (as a minimum) an entry like ...
29    ... which gives access-rights for user "root" at localhost with no password    --- snip ---
30  - test for safety    | localhost | root |          | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
31    mysql> select * from user;    --- snip ---
32    --> there should be no other "root"-entry in the "user"-table then the one established above    ... which gives access-rights for user "root" at localhost with no password
33      - test for safety
34        mysql> select * from user;
35  =========================================================    --> there should be no other "root"-entry in the "user"-table then the one established above
36      add new databases and grant access to them for new mysql-user-accounts    
37  =========================================================    
38    =========================================================
39  - we assume a running mysql-daemon,      add new databases and grant access to them for new mysql-user-accounts
40     else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory  =========================================================
41  - run mysql-client: [root@host]# mysql (you should be logged in as "root")  
42    - we assume a running mysql-daemon,
43  - create database     else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
44    mysql> create database <databasename>;  - run mysql-client: [root@host]# mysql (you should be logged in as "root")
45      
46  - add new user  - create database
47    mysql> use mysql;    mysql> create database <databasename>;
48    mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));    
49    - add new user
50  - grant access for local usage (e.g. from php- or cgi-scripts)    mysql> use mysql;
51    mysql> use mysql;    mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));
52    mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');  
53    - grant access for local usage (e.g. from php- or cgi-scripts)
54  - apply changes to privileges    mysql> use mysql;
55    mysql> flush privileges;    mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');
56    
57  - test access to new database  - apply changes to privileges
58    - logout from mysql in "root"-mode    mysql> flush privileges;
59    - login to mysql-daemon as newly created user using the new database  
60      mysql> mysql -u<username> -p<password> <databasename>  - test access to new database
61          or leave "<password>" empty for supplying the password invisible  ;)    - logout from mysql in "root"-mode
62    - this should work!    - login to mysql-daemon as newly created user using the new database
63          mysql> mysql -u<username> -p<password> <databasename>
64  - TODO:          or leave "<password>" empty for supplying the password invisible  ;)
65    - there should be a (perl-)script (perhaps there is already one coming with mysql)    - this should work!
66       to pass "databasename", "username" and "password" to,    
67       which should execute the tasks described above non-interactively  ;)  - TODO:
68       - note: use regression-checks    - there should be a (perl-)script (perhaps there is already one coming with mysql)
69         - don't re-create database       to pass "databasename", "username" and "password" to,
70         - if user already exists, just modify password!!!       which should execute the tasks described above non-interactively  ;)
71         - don't accept empty arguments!       - note: use regression-checks
72       - note: integrate into the gsn-framework (on the long term)         - don't re-create database
73         - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location         - if user already exists, just modify password!!!
74           in order to be able to absolve all requests seamlessly without any user interaction         - don't accept empty arguments!
75                 - note: integrate into the gsn-framework (on the long term)
76               - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location
77             in order to be able to absolve all requests seamlessly without any user interaction
78            
79        
80    =========================================================
81        add a "root-warrior" account
82    =========================================================
83    - this user should be able to to anything from remote side
84    
85      mysql> use mysql;
86      mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y');
87      mysql> flush privileges;
88    
Legend:
Removed from v.1.1  
changed lines
  Added in v.1.2
MailToCvsAdmin">MailToCvsAdmin
 ViewVC Help
Powered by ViewVC 1.1.26 RSS 2.0 feed