I sort of have a heart attack of a problem. I had a non-root utility user in mysql that used to be able to see all the databases, tables, etc. on the mysql instance. The user was also able to insert records, delete records, create tables, etc. too. This user is used by scripts to edit records, or view the data as someone who's not root via phpmyadmin.
I don't know how Django fits into this or if it was even the cause but a contractor needed access to the db to work on their project we asked them to work on. They said they were using Django and needed to create some auth tables in the database (auth_group, auth_user, auth_user_groups, etc.)
However, after they added their tables for Django, that utility user can't see anything except the "information_schema" database.
Luckily, I checked using the root user in mysql and can see the databases but somehow, I still cant see the databases with the non-root user. I don't see anything that jumps out at me permissions-wise in the "user" table in mysql so I'm not sure how to fix this problem. I want to see what commands the contractor ran to get us into this situation to tell them not to do this again.
I was going to check the .mysql_history file in the unix root user directory but the funny thing is the file is dated from 3 weeks ago so it doesn't look like this will yield any info on what was run.
So, back to my original question, where can I see a history of mysql commands that were run on mysql so I can figure out what happened or what was run to get us into this funny situation?
Related
I created a couple of stored procedures in a remote MySql database (web) a week ago... during the session where I created them I was able to edit them, export them, etc...
Now, a week later, I wanted to edit them, and I find that the Edit and Execute buttons in the Routines tab for those two are disabled...
My web server is running phpmyadmin 4.0.10.7
I found out that, for some reason, in the ROUTINES table of the INFORMATION_SCHEMA db, those routines (procedures) have a different DEFINER (well, not different, but the db considers them different)
This is why I can't edit them... So, finally, the scenario is this. I logged in to my CPanel and PHPMyAdmin as usual, created those procedures, and the DEFINER for them is user#icario.servidoraweb.net (my user + the domain is my hosting provider)... Then, when I tried to edit them a week later, I log in, and I find that my user now (running SELECT CURRENT_USER();) is "user#10.0.5.47"...
I open a ticket with my hosting provider to find out why now my login to CPanel contains the IP address instead of the domain name, and they say they have no idea, they didn't change anything.
Now, Yesterday I logged in again, and then I can edit those procedures, I check my user, and it is again "user#icaro..."
Today, when I log in again, I am back in "user#10.0..."
So... I know why I can't edit those procedures... what I don't know is why I sometimes my user has the domain name, and sometimes the IP address..
Any ideas on this?? Thanks
I've searched for an answer to this and all I can seem to find are questions asking whether it is better to use multiple databases or multiple tables in a single database. This isn't my question though.
QUESTION 1.
I want to set up a new database alongside my current DB and don't know how. I want to give a user full admin access to DB2 without seeing DB1. This way I can host a friend's site and they can create and delete as many tables as they want without disturbing my own DB. I could also use it for demo sites that aren't secure and shouldn't exist inside my primary DB.
I figure I could do this pretty easily with a virtual machine and run a separate instance of MySQL but my resources are limited so that isn't really an option.
I'd like to set this up in one of 2 ways. I would prefer to have "server.example.com" host both DBs and open the proper DB based on user login. If not I could do it routing to server1.example.com and server2.example.com.
QUESTION 2.
If this isn't possible I'd like to know how to properly set up restricted access to a single DB in sequel pro. I have been messing around with it and so far prefer it to PHPMyAdmin. For some reason if I set up a new user with no permissions they have full access to my 'information_schema' and 'test' tables but can't create new tables. I don't want other users to access these tables though and I want them to be able to set up their own tables. I'd like to set it up so a new user can create a limited number of tables and only see and edit those tables. I can't seem to find information on this either.
Even if my first question is possible I'd like to know the answer to question 2. I've been searching for a long time and can't find reliable information anywhere. Maybe my brain is just tired...
You can set up multiple instances of mysql but for your situation you are better off creating different databases within the same instance.
You can create databases and then add users that only have access to manipulate the database they are given and nothing else.
Essentially the heirarchy is as follows:
Mysql (root or any other super user can see everything)
- Your DB
- Your Users
- Your tables/functions/Procedures/etc
- Their DB
- Their Users
- Their tables/functions/procedures/etc.
You basically separate the access for each, and in PHPMyAdmin it is very easy. The steps are:
Add Database )
Add User, restricting them to that database allowing only priveleges you want to give to that user and only to that database. (Guide here)
You can grant access to different database to different user using GRANT in MySQL.
https://dev.mysql.com/doc/refman/5.1/en/grant.html has the information you need.
The most simple you can do is
CREATE DATABASE db_for_user_a
CREATE DATABASE db_for_user_b
GRANT ALL PRIVILEGES ON db_for_user_a.* TO user_a IDENTIFIED BY 'user_a_s_password'
GRANT ALL PRIVILEGES ON db_for_user_b.* TO user_a IDENTIFIED BY 'user_b_s_password'
You are going to need to provide more information about your set up to answer this question of setting up multiple databases specifically.
Servers typically have methods to create multiple databases with software that is designed specifically to run on those platforms (Apache, and Windows server are a couple servers that can run software like WAMP or phpMyAdmin to manage these databases).
And in answer to the permissions: Yes, you can designate users that can have specific privileges on one, both, or neither of the databases. But, you can also set up table-specific roles and actions as well. This is more obvious with Microsoft's management studio though, where Mysql you may want to use something like Mysql Workbench initially.
On cPanel, for example, you can add a new database if your host allows it. On windows, you'll have to use other tools to set up a new database.
In answer to your first inquiry, each database requires its own connection, and there are database-wide operations that you can do such as migration and backups. A rule of thumb is to only keep entirely separate data in different databases, unless there is absolutely a reason to separate types of information into a different kind of database for efficiency. Typically, you do not relate data between different databases except for much more complex situations.
You can create separate databases and use them separately in sequel pro, I believe. Most platforms have an option to create a new db in the databases list.
Well I think I was confusing some stuff here. I apologize for that. I was calling databases 'tables'.
I was wanting to allow users to create new databases but not see the ones that others create. I think I can make this work by just limiting permissions and allowing users to access one or two databases.
It seems like PHPMyAdmin has some easier to use options than Sequel Pro. I've only briefly used it in the past but I'll give it another shot.
As for command line stuff, I love being able to work in command line but I don't know all the commands so it makes things generally difficult to figure out and the man pages weren't all that helpful.
Thank you for your answers and I'm sorry for my newbie questions.
I am using joomla as CMS I have a system of creating users from the back end and give those login information to the users to log in our site we are following this system as we only serve a selected group of people.
but I have noticed that some records were missing randomly in our database we are using phpmyadmin and database MySQL ,I have noticed the issue when some users complained that they couldn't login on our site with the credentials provided by us .When I checked the database table I found out that some records were missing randomly .I am totally puzzled and helpless please help me.
Records do not under any normal circumstance disappear from databases spontaneously. Some specific actions must cause this.
First, carefully analyse your reasons for thinking the database ever had the record.
You have a process by which data is created. Suppose the code went:
Generate username/password
Print it out (and hence pass to user)
Insert into database
and that last step failed, would you ever know? Can you run a quick query across the database when you believe the record should be there to check that it is?
If instead your code goes
Generate username
Insert into database
Read from database
Print it out
Then you have some evidence that the record did exist, now you need to track down when the deletion occurred. Somewhere there must be a delete running.
You need to get very analytic, gather evidence.
I'm new to mySQL and myphpadmin, but a few weeks ago I figured out how to create a database, tables, add relationships and insert/modify records...great! I've been creating coldfusion forms that access and update the database...perfect! But I go back in to myphpadmin one day last week and my database is GONE! The only databases there are "information_schema" and "test" (which is empty). My database, "hr_database" is gone! Crazy thing is (besides that), I can still use my ColdFusion forms to access and modify that database!
Anyway I can get it back in myphpadmin? If you all need more info, just let me know!
Thanks so much!
Kirsten
I think Fido is right. The user you're logging into phpmyadmin probably doesn't have rights to see that database. If you have root access, make sure to login with that. If not, use the same user your CF DSN uses.
From phpMyAdmin, I was exporting the functions/procedures used by the user assigned to a particular database and 3 functions didnt get exported because they were created by the 'superadmin'.
I was able to see these functions within
localhost > database_name -> Structure -> Routines
BUT, I was not able to modify their structure or export them.
The problem was happening because these 3 functions were created by the superuser. When exporting from the superuser account, everything got exported properly.
My question is: as a process, how can I ensure that this doesn't happen again in the future - that someone accidentally creates it as a superadmin (and the site would continue to work fine), but when we try exporting it, the function doesnt get exported (and the new site would stop working).
Restricting access to the superuser account would be the first step I would take. By restricting superuser access you guarantee that no one makes that mistake again. Is there a reason someone would need to be in the database working as a superuser?