--- nfo/doc/computing/sysadmin/linux/howto-mysql-common-tasks.txt 2002/02/14 00:21:11 1.1
+++ nfo/doc/computing/sysadmin/linux/howto-mysql-common-tasks.txt 2002/09/14 16:23:13 1.2
@@ -1,76 +1,88 @@ -------------------------------------------------------------------- -$Id: howto-mysql-common-tasks.txt,v 1.1 2002/02/14 00:21:11 cvsjoko Exp $ - +------------------------------------------------------------------- +$Id: howto-mysql-common-tasks.txt,v 1.2 2002/09/14 16:23:13 cvsjoko Exp $ + $Log: howto-mysql-common-tasks.txt,v $ -Revision 1.1 2002/02/14 00:21:11 cvsjoko -+ new - -------------------------------------------------------------------- - - -========================================================= - establish basic safety privileges -========================================================= - -- we assume a running mysql-daemon, - else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory -- run mysql-client: [root@host]# mysql (you should be logged in as "root") -- select database: mysql> use mysql; - -- deny access for user "root" from the outer space (not localhost) - mysql> delete from user where user='root' and host='%'; - mysql> flush privileges; -- assure everything is all right and you will be able to re-login again later ;) - mysql> select * from user; - --> there should be (as a minimum) an entry like ... - --- snip --- - | localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | - --- snip --- - ... 
which gives access-rights for user "root" at localhost with no password -- test for safety - mysql> select * from user; - --> there should be no other "root"-entry in the "user"-table then the one established above - - -========================================================= - add new databases and grant access to them for new mysql-user-accounts -========================================================= - -- we assume a running mysql-daemon, - else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory -- run mysql-client: [root@host]# mysql (you should be logged in as "root") - -- create database - mysql> create database ; - -- add new user - mysql> use mysql; - mysql> insert into user (host, user, password) values ('localhost', '', password('')); - -- grant access for local usage (e.g. from php- or cgi-scripts) - mysql> use mysql; - mysql> insert into db values ('localhost', '', '', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); - -- apply changes to privileges - mysql> flush privileges; - -- test access to new database - - logout from mysql in "root"-mode - - login to mysql-daemon as newly created user using the new database - mysql> mysql -u -p - or leave "" empty for supplying the password invisible ;) - - this should work! - -- TODO: - - there should be a (perl-)script (perhaps there is already one coming with mysql) - to pass "databasename", "username" and "password" to, - which should execute the tasks described above non-interactively ;) - - note: use regression-checks - - don't re-create database - - if user already exists, just modify password!!! - - don't accept empty arguments! 
- - note: integrate into the gsn-framework (on the long term) - - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location - in order to be able to absolve all requests seamlessly without any user interaction - - +Revision 1.2 2002/09/14 16:23:13 cvsjoko +no message + +Revision 1.1 2002/02/14 00:21:11 cvsjoko ++ new + +------------------------------------------------------------------- + + +========================================================= + establish basic safety privileges +========================================================= + +- we assume a running mysql-daemon, + else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory +- run mysql-client: [root@host]# mysql (you should be logged in as "root") +- select database: mysql> use mysql; + +- deny access for user "root" from the outer space (not localhost) + mysql> delete from user where user='root' and host='%'; + mysql> flush privileges; +- assure everything is all right and you will be able to re-login again later ;) + mysql> select * from user; + --> there should be (as a minimum) an entry like ... + --- snip --- + | localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | + --- snip --- + ... 
which gives access-rights for user "root" at localhost with no password +- test for safety + mysql> select * from user; + --> there should be no other "root"-entry in the "user"-table then the one established above + + +========================================================= + add new databases and grant access to them for new mysql-user-accounts +========================================================= + +- we assume a running mysql-daemon, + else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory +- run mysql-client: [root@host]# mysql (you should be logged in as "root") + +- create database + mysql> create database ; + +- add new user + mysql> use mysql; + mysql> insert into user (host, user, password) values ('localhost', '', password('')); + +- grant access for local usage (e.g. from php- or cgi-scripts) + mysql> use mysql; + mysql> insert into db values ('localhost', '', '', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); + +- apply changes to privileges + mysql> flush privileges; + +- test access to new database + - logout from mysql in "root"-mode + - login to mysql-daemon as newly created user using the new database + mysql> mysql -u -p + or leave "" empty for supplying the password invisible ;) + - this should work! + +- TODO: + - there should be a (perl-)script (perhaps there is already one coming with mysql) + to pass "databasename", "username" and "password" to, + which should execute the tasks described above non-interactively ;) + - note: use regression-checks + - don't re-create database + - if user already exists, just modify password!!! + - don't accept empty arguments! 
+ - note: integrate into the gsn-framework (on the long term) + - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location + in order to be able to absolve all requests seamlessly without any user interaction + + +========================================================= + add a "root-warrior" account +========================================================= +- this user should be able to to anything from remote side + + mysql> use mysql; + mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y'); + mysql> flush privileges; +
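Review bot: The new "root-warrior" section creates `patman_warrior` with host `'%'` and the literal password `'pw'`, which reopens the remote access that the first section of this same howto closes by deleting root's `'%'` row. I would write the example with a specific host and labelled placeholders, e.g. `insert into user values ('<admin-host>', 'patman_warrior', password('<strong-password>'), ...);`, and state in the text that the sample password must be replaced before the statement is run. The positional `insert into user values (...)` also depends on the column order and count of the installed `mysql.user` table. Seven of the fourteen flags are `'N'`, so the row does not match the stated "able to do anything", and a reader cannot tell which privileges are granted unless the columns are named or a `GRANT` statement is used instead.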