| 1 |
------------------------------------------------------------------- |
| 2 |
$Id$ |
| 3 |
|
| 4 |
$Log$ |
| 5 |
------------------------------------------------------------------- |
| 6 |
|
| 7 |
|
| 8 |
========================================================= |
| 9 |
establish basic safety privileges |
| 10 |
========================================================= |
| 11 |
|
| 12 |
- we assume a running mysql-daemon, |
| 13 |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
| 14 |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
| 15 |
- select database: mysql> use mysql; |
| 16 |
|
| 17 |
- deny access for user "root" from the outer space (not localhost) |
| 18 |
mysql> delete from user where user='root' and host='%'; |
| 19 |
mysql> flush privileges; |
| 20 |
- assure everything is all right and you will be able to re-login again later ;) |
| 21 |
mysql> select * from user; |
| 22 |
--> there should be (as a minimum) an entry like ... |
| 23 |
--- snip --- |
| 24 |
| localhost | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | |
| 25 |
--- snip --- |
| 26 |
... which gives access-rights for user "root" at localhost with no password |
| 27 |
- test for safety |
| 28 |
mysql> select * from user; |
| 29 |
--> there should be no other "root"-entry in the "user"-table then the one established above |
| 30 |
|
| 31 |
|
| 32 |
========================================================= |
| 33 |
add new databases and grant access to them for new mysql-user-accounts |
| 34 |
========================================================= |
| 35 |
|
| 36 |
- we assume a running mysql-daemon, |
| 37 |
else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory |
| 38 |
- run mysql-client: [root@host]# mysql (you should be logged in as "root") |
| 39 |
|
| 40 |
- create database |
| 41 |
mysql> create database <databasename>; |
| 42 |
|
| 43 |
- add new user |
| 44 |
mysql> use mysql; |
| 45 |
mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>')); |
| 46 |
|
| 47 |
- grant access for local usage (e.g. from php- or cgi-scripts) |
| 48 |
mysql> use mysql; |
| 49 |
mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); |
| 50 |
|
| 51 |
- apply changes to privileges |
| 52 |
mysql> flush privileges; |
| 53 |
|
| 54 |
- test access to new database |
| 55 |
- logout from mysql in "root"-mode |
| 56 |
- login to mysql-daemon as newly created user using the new database |
| 57 |
mysql> mysql -u<username> -p<password> <databasename> |
| 58 |
or leave "<password>" empty for supplying the password invisible ;) |
| 59 |
- this should work! |
| 60 |
|
| 61 |
- TODO: |
| 62 |
- there should be a (perl-)script (perhaps there is already one coming with mysql) |
| 63 |
to pass "databasename", "username" and "password" to, |
| 64 |
which should execute the tasks described above non-interactively ;) |
| 65 |
- note: use regression-checks |
| 66 |
- don't re-create database |
| 67 |
- if user already exists, just modify password!!! |
| 68 |
- don't accept empty arguments! |
| 69 |
- note: integrate into the gsn-framework (on the long term) |
| 70 |
- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location |
| 71 |
in order to be able to absolve all requests seamlessly without any user interaction |
| 72 |
|
| 73 |
|
Parent Directory
| 
Revision Log
