I configured MySQL as follows:
CREATE DATABASE IF NOT EXISTS foodb;
CREATE USER IF NOT EXISTS 'foo'#'localhost';
ALTER USER 'foo'#'localhost' IDENTIFIED BY 'qux';
GRANT ALL ON foodb.* to 'foo'#'localhost';
SHOW GRANTS FOR 'foo'#'localhost';
FLUSH PRIVILEGES;
SELECT user, host, authentication_string FROM mysql.user ORDER BY user, host;
When I run
python manage.py dbshell
I get the following error:
ERROR 1045 (28000): Access denied for user 'foo'#'localhost' (using password: YES)
CommandError: "mysql --user=foo --host=localhost foodb" returned non-zero exit status 1.
Also, this query
SHOW GRANTS for 'foo'#'localhost';
returns
+--------------------------------------------------------------+
| Grants for foo#localhost |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'#'localhost' |
| GRANT ALL PRIVILEGES ON `foodb`.* TO 'foo'#'localhost' |
+--------------------------------------------------------------+
2 rows in set (0.00 sec)
Finally, switching user to root and the root account password works just fine. So I think the issue must be with the user permissions on MySQL itself.
What additional permissions does 'foo'#'localhost' need for this to work?
Related
I have a MySQL pair that communicates over a VIP. I want to verify permissions for all users (including root) from ANY IP. When I attempt to view all grants for root I get this:
mysql> show grants for root;
ERROR 1141 (42000): There is no such grant defined for user 'root' on host '%'
But there are other grants for root:
mysql> show grants for 'root'#'localhost';
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `*.*`.* TO 'root'#'localhost' |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
How can I view ALL grants for a user (all hosts and databases)?
You can use this:
select * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES;
I have a user 'adminuser' with the following privileges:
mysql> show grants for 'adminuser'#'localhost';
+----------------------------------------------------------+
| Grants for adminuser#localhost |
+----------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'adminuser'#'localhost' |
+----------------------------------------------------------+
1 row in set (0.00 sec)
Now I am trying to grant privileges to another user who was just created
mysql> grant delete, insert, update, select, create, index on simpledb.* to 'jobuser'#'localhost';
but I get an error:
ERROR 1044 (42000): Access denied for user 'adminuser'#'localhost' to database 'simpledb'
Why?
This is the user privileges:
GRANT USAGE ON *.* TO 'LMMXT'#'localhost' IDENTIFIED BY PASSWORD '*...'
GRANT ALL PRIVILEGES ON `LMMXT`.`*` TO 'LMMXT'#'localhost'
I can LOGIN with the user, USE Database, but always when I want CREATE TABLE:
# mysql -u LMMXT -p -h localhost
mysql> use LMMXT
Database changed
mysql> create table test;
ERROR 1142 (42000): CREATE command denied to user 'LMMXT'#'localhost' for table 'test'
And:
mysql> SELECT USER(),CURRENT_USER();
+---------------------+---------------------+
| USER() | CURRENT_USER() |
+---------------------+---------------------+
| LMMXT#localhost | LMMXT#localhost |
+---------------------+---------------------+
1 row in set (0.00 sec)
So, also I've tried with:
mysql> FLUSH PRIVILEGES;
User is set for host access from 'localhost' and '%'
I've seen other solutions on StackOverflow, but none works.
Thanks in advance
Try changing your grant statement to
GRANT ALL PRIVILEGES ON LMMXT.* TO 'LMMXT'#'localhost'
I'm not sure if the ` characters around the statement are causing a problem
I have an existing table and I want to update host part in privileges using Grant command
mysql> show grants
-> ;
+------------------------------------------------------------------------------------------------------------+
| Grants for ssc#localhost |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ssc'#'localhost' IDENTIFIED BY PASSWORD '*ABCDEFABCDEF' |
| GRANT ALL PRIVILEGES ON `ssc`.* TO 'ssc'#'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
To be able to connect as ssc from anywhere you have to create an additional user and grant him necessary rights
CREATE USER 'ssc'#'%' IDENTIFIED BY '<your password>';
GRANT ALL PRIVILEGES ON `ssc`.* TO 'ssc'#'%' WITH GRANT OPTION;
Read more about that in Adding User Accounts
I have to provide direct access to my database to some users for auditing purposes, and should add a restriction to avoid that these new users don't have deleting, updating and altering privileges.
Just create a user and grant only SELECT privilege.
CREATE USER user_name#host_name identified by 'password';
GRANT SELECT ON db_name.* TO user_name#host_name;
To check what privileges a user has use
SHOW GRANTS FOR user_name#host_name;
and make sure that a user only has GRANT USAGE and GRANT SELECT ON db_name.*
Lets say I have my_db database with test table in it and I want to create a user with a name user1 who will be allowed to connect only from local host and will be able to read data from all tables in this database but won't be able to insert, change, and delete data.
mysql> create user user1#localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for user1#localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user1#localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> grant select on my_db.* to user1#localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for user1#localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user1#localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT SELECT ON `my_db`.* TO 'user1'#'localhost' |
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Now lets see what our user1 can and can't do
$ mysql -uuser1 -p
mysql> use mysql
ERROR 1044 (42000): Access denied for user 'user1'#'localhost' to database 'mysql'
mysql> use test
ERROR 1044 (42000): Access denied for user 'user1'#'localhost' to database 'test'
mysql> use my_db
Database changed
As you can see our user1 can only connect to my_db database.
Now let see what that user can do with data in table test (the only table in that database)
mysql> select * from test;
+------+
| id |
+------+
| 1 |
| 2 |
+------+
2 rows in set (0.00 sec)
mysql> insert into test values (3);
ERROR 1142 (42000): INSERT command denied to user 'user1'#'localhost' for table 'test'
mysql> delete from test where id = 1;
ERROR 1142 (42000): DELETE command denied to user 'user1'#'localhost' for table 'test'
mysql> update test set id = 10 where id = 1;
ERROR 1142 (42000): UPDATE command denied to user 'user1'#'localhost' for table 'test'
Again as you can the user can only select from the table.