Allowing remote access in MySql 8.0 not allowed - mysql

A lot of the existing answers are targeting the old MySQL and I haven't been able to find a solution for the new MySQL 8.0.
mysql> SELECT user FROM mysql.user;
+------------------+
| user |
+------------------+
| mysql.infoschema |
| mysql.session |
| mysql.sys |
| r00t |
| root |
+------------------+
I have already a user called r00t.
When I login as root and try to give r00t remote permission:
GRANT ALL PRIVILEGES ON *.* TO r00t#'18.132.x.xxx';
ERROR 1410 (42000): You are not allowed to create a user with GRANT
But the user already exists, so what gives?
The old way doesn't work either:
GRANT ALL PRIVILEGES ON *.* TO 'r00t'#'18.132.x.xxx' IDENTIFIED WITH caching_sha2_password BY 'myPass';
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'IDENTIFIED WITH caching_sha2_password BY
'myPass'' at line 1

In MYSQL the users account is identified by the username and the domain i.e.
username domain
`r00t` and '18.132.x.xxx'
So if you created a 'r00t'#'localhost' it is not the same as 'r00t'#'18.132.x.xxx'
So in fact you are trying to create a new account, or rather 'r00t'#'18.132.x.xxx' does not exist yet, hence the error.
So first you should create the account 'r00t'#'18.132.x.xxx'

Related

how do I grant a new user the privilege to create a new database in MySQL

how do I grant a new user the privilege to create a new database in MySQL
Specifically:
the database does not exist yet
I have successfuly created a new DB user account (that is not admin)
I want that non-admin user to create a new database
I do NOT want the 'admin' user to create the database and then grant privs to the database to the new user
as 'admin', I want to grant the new user the privilege to create a new database
I do not want to grant the new user any additional privileges on existing databases
This is not covered anywhere in the documentation that I can find.
Monday 2022-04-04
Update:
I created user 'scott' and then logged in as MySQL user 'admin' When I run this command
Note: The 'test' database does not yet exist
mysql>GRANT CREATE ON test.* to 'scott'#'localhost';
I get an error
==> ERROR 1410 (42000): You are not allowed to create a user with GRANT
Why do I get this error? I am not attempting to create a user, but rather grant a user access to a non-existent database (as is the approach with MySQL to grant a user privileges to create a database).
If up update the SQL statement to:
mysql>GRANT CREATE ON test.* to scott;
It runs OK
Query OK, 0 rows affected (0.07 sec)
And so now I login as user 'scott and run this statement:
mysql>create database rum;
==> ERROR 1049 (42000): Unknown database 'test'
Why do I get this error?
At this point, I am still not able to create a database as a non-admin user.
Example: grant "scott" the privilege to create the test3 database, which does not exist yet:
mysql> select user();
+----------------+
| user() |
+----------------+
| root#localhost |
+----------------+
mysql> grant create on test3.* to 'scott'#'localhost';
Query OK, 0 rows affected (0.01 sec)
Now try as scott to create the database:
mysql> select user();
+-----------------+
| user() |
+-----------------+
| scott#localhost |
+-----------------+
mysql> show grants;
+---------------------------------------------------------+
| Grants for scott#localhost |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO `scott`#`localhost` |
| GRANT ALL PRIVILEGES ON `test`.* TO `scott`#`localhost` |
| GRANT CREATE ON `test3`.* TO `scott`#`localhost` |
+---------------------------------------------------------+
mysql> create database test3;
Query OK, 1 row affected (0.00 sec)
mysql> use test3;
Database changed
MySQL has one privilege called CREATE which is for creating both databases and tables. See https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create
You can either grant the user privilege to create a database of a specific name, or else grant them the privilege to create a database of any name, but that means they can also create other tables, either in the new database or in other existing databases. Sorry, there may not be a solution for you to allow them to create any new database without specifying the name when you grant the privilege, but then only have privilege in that database.
You are not allowed to create a user with GRANT
You did not create the user scott. Older versions of MySQL allows GRANT to implicitly create a user if one does not exist, but that has been disabled on more recent versions because folks realized it is a security weakness.
To be clear, the user "scott" is just an example I used. Don't literally use the name "scott" if that's not the user to whom you want to grant privileges.
The other errors you got seem to be that you granted the user privileges on a database named test.* but then you tried to create a database with a different name. The example I showed only grants the privilege to create the specific named database, not a database named rum or any other database.
I understand you want to grant privilege to create a database of any name. The syntax for that would be GRANT CREATE ON *.* TO... but that would grant the user privileges on all the other existing databases too.
There is no combination of syntax to grant privileges on any database name wildcard that means any database, provided that it is not yet created.

Syntax error updating mysql user password in mysql Server version: 8.0.21 MySQL Community Server - GPL

I am trying to update the password of user == admin, my SQL version is Server version: 8.0.21 MySQL Community Server - GPL
+------------------+
| user |
+------------------+
| admin |
| admin |
| mysql.infoschema |
| mysql.session |
| mysql.sys |
+------------------+
update user set authentication_string=PASSWORD('password#1234') where user='admin';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('password#1234') where user='admin'' at line 1
mysql> UPDATE user
-> SET authentication_string = PASSWORD('password#1234')
-> WHERE user = 'admin' AND
-> host = 'localhost';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('password#1234')
WHERE user = 'admin' AND
host = 'localhost'' at line 2
I have tried the above two and with password in place of authentication_string. It anyway should be authentication_string as the user table contain column with this only
"user" is a reserved keyword. You need to surround it with backticks:
UPDATE `user`
SET `authentication_string`=PASSWORD('password#1234')
WHERE `user`='admin';
use mysql;
update user set user='admin' where user='root';
flush privileges;
ALTER USER "admin"#"%" IDENTIFIED BY 'newpassword';
ALTER USER "admin"#"localhost" IDENTIFIED BY 'newpassword';
This is how I update the username and password. Thanks to #ghostgambler

How to GRANT privileges to user on Ubuntu MySQL database? [duplicate]

This question already has answers here:
Can't find any matching row in the user table
(4 answers)
Closed 3 years ago.
I logged in as root with
sudo mysql -u root
and created a database xxx with this command:
CREATE DATABASE xxx;
I want to give privileges to user webuser on xxx with this command:
GRANT ALL PRIVILEGES ON xxx.* TO 'webuser'#'localhost';
I'm getting this messages:
ERROR 1133 (42000): Can't find any matching row in the user table
What am I doing wrong?
Additional information:
The user already exists. This:
mysql> SELECT User, Host FROM mysql.user WHERE User='webuser';
outputs as:
+---------+------+
| User | Host |
+---------+------+
| webuser | % |
+---------+------+
1 row in set (0.00 sec)
it's better to use this link create user and add privileges
or just before run this command
GRANT ALL PRIVILEGES ON xxx.* TO 'webuser'#'localhost'
you should do this
CREATE USER 'webuser'#'localhost' IDENTIFIED BY 'password'
with this command you add the webuser in the mysql user on localhost with the password of 'password'
and after that add privileges to your user

How to grants information_schema in mysql windows

I tried to grants information_schema but it gave me this error
first I showed my grants but nothing:
mysql> show grants for root;
ERROR 1141 (42000): There is no such grant defined for user 'root' on host '%'
then I tried to grant:
mysql> grant select on information_schema.* to 'root'#'%' identified by 'password123';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'password123'' at line 1
but with show grants; :
mysql> show grants;
+-------------------------------------------------------------------------------- --------------------------------------------------------------------------------- --------------------------------------------------------------------------------- --------------------------------------------------------------------------------- -----------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`#`localhost` WITH GRANT OPTION |
| GRANT BACKUP_ADMIN,BINLOG_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION _ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`#`localhost` WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `testdb`.* TO `root`#`localhost` |
| GRANT ALL PRIVILEGES ON `%`.* TO `root`#`localhost` |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
5 rows in set (0.00 sec)
I tried also this but with error:
mysql> GRANT ALL PRIVILEGES ON 'information_schema'.* TO 'root'#'localhost';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''information_schema'.* TO 'root'#'localhost'' at line 1
How can I grant my information_schema?
The syntax for granting privileges should be like:
GRANT ALL PRIVILEGES ON testDB.* TO 'root'#'localhost' identified by 'test';
Note: The database name won't be inside quotes.
After overcoming syntax error also, we don't have permission to grant any privilege to the information_schema database.
SHOW GRANTS; or SHOW GRANTS FOR CURRENT_USER; both shows all the granted privileges for the current user. To see grants of root user you need to log in as root and then execute the above command.

MySQL: ERROR 1227 (42000): Access denied - Cannot CREATE USER

I'm using MySQL 5.5.16 noinstall Zip Archive on Win7.
After I started the server, the command show databases showed me a list of 2 databases: information_schema and test. The latter is empty.
Where is the table user?
I tried to create a new user through this command create user newUser; and got the following error message: ERROR 1227 (42000): Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
What should I do to create, databases, tables, and do all the operations I want to do? I don't know if the fact that I'm using MySQL 5.5.16 noinstall Zip Archive has something to do with the error message?
First thing to do is run this:
SHOW GRANTS;
You will quickly see you were assigned the anonymous user to authenticate into mysql.
Instead of logging into mysql with
mysql
login like this:
mysql -uroot
By default, root#localhost has all rights and no password.
If you cannot login as root without a password, do the following:
Step 01) Add the two options in the mysqld section of my.ini:
[mysqld]
skip-grant-tables
skip-networking
Step 02) Restart mysql
net stop mysql
<wait 10 seconds>
net start mysql
Step 03) Connect to mysql
mysql
Step 04) Create a password from root#localhost
UPDATE mysql.user SET password=password('whateverpasswordyoulike')
WHERE user='root' AND host='localhost';
exit
Step 05) Restart mysql
net stop mysql
<wait 10 seconds>
net start mysql
Step 06) Login as root with password
mysql -u root -p
You should be good from there.
CAVEAT: Please remove anonymous users !!!
For me the issue was ( for a very strange reason ) the fact that root had Host of % instead of localhost
I received the above error when trying to DROP USER;
Privileges as suggested in the answer above - I already had, so the solution wasn't suitable for me.
The DB looked like this:
mysql> drop user 'testuser'#'%';
ERROR 1227 (42000): Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation
mysql> select Host,User,drop_priv from user;
+------+------------------+-----------+
| Host | User | drop_priv |
+------+------------------+-----------+
| % | mysql.infoschema | N |
| % | mysql.session | N |
| % | mysql.sys | N |
| % | root | Y |
+------+------------------+-----------+
And
mysql> SHOW GRANTS FOR 'root'#'%';
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#% |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`#`%` WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
I tried many things, but eventually I changed the Host from % to localhost for security concerns, nothing else.
mysql> UPDATE user SET Host='localhost' WHERE user='root' LIMIT 1;
Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0
I don't know why, but it worked.
mysql> quit
$ mysql -u root -p
.. ENTER (NO PASSWORD) ..
mysql> drop user 'testuser'#'%';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
No idea why, but hope it will help others ...
I'm using CentOS which has SELinux and other stuff, which maybe other components are correlated with this. don't know.