I've been digging around trying to fix this issue however i'm coming up short. I'm trying to grant all privileges on *.* to 'root'#'%' with grant option on a mariadb server, as a current user of 'root'#'localhost' and continually get access denied.
SHOW GRANTS FOR CURRENT_USER()\G;
*************************** 1. row ***************************
Grants for root#localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*sanitized' WITH GRANT OPTION
*************************** 2. row ***************************
Grants for root#localhost: GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION
i have tried FLUSH PRIVILEGES several times as well as restarting the service.
+--------------------------+---------------+------------+------------+
| host | user | Grant_priv | Super_priv |
+--------------------------+---------------+------------+------------+
| localhost | root | Y | Y |
MariaDB [(none)]> select current_user();
+----------------+
| current_user() |
+----------------+
| root#localhost |
+----------------+
select user,host from mysql.user;
+---------------+--------------------------+
| user | host |
+---------------+--------------------------+
| root | % |
Related
This is from my terminal in mac.
130-229-0-129-dhcp:~ suyeshamatya$ mysql
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> quit
Bye
130-229-0-129-dhcp:~ suyeshamatya$ mysql -u root -p
Enter password:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| lportal |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
Can someone please explain why mysql is showing different number of databases when connecting without any username/password and when connecting with root username/password?
UPDATE:
Connected without username/password
mysql> show grants;
+--------------------------------------+
| Grants for #localhost |
+--------------------------------------+
| GRANT USAGE ON *.* TO ''#'localhost' |
+--------------------------------------+
1 row in set (0.00 sec)
Connected with root username/password
mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '********************' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Grant USAGE means no privileges for that user according to Manual. So when you login without username and password. It will show default mysql schema. If you want to user using following query:
select User from mysql.user;
It will throw error like
SELECT command denied to user ''#'localhost' for table 'user';
Which means you do not have permission on default database to view users details.
If you login with username and password then all the databases created by that User will show you.
I am not sure but I think that the the "unknown user" has no privileges to see the other databases. Please check this in the mysql database.
I have this:
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| root#% |
+----------------+
1 row in set (0.00 sec)
mysql> SELECT USER();
+------------------+
| USER() |
+------------------+
| root#CQ2404LA-PC |
+------------------+
1 row in set (0.00 sec)
mysql>
mysql> GRANT ALL PRIVILEGES ON `Company`.* TO 'TheUser'#'%' IDENTIFIED BY PASS
WORD '*3814FFAFF303C7DBB5511684314B57577D754FF9';
ERROR 1044 (42000): Access denied for user 'root'#'%' to database 'Company'
Access denied for user 'root'#'%' to database 'Company'
Now reviewing the root privileges I have:
mysql> show grants for 'root'#'localhost';
+-------------------------------------------------------------------------------
---------------------------------------------------------+
| Grants for root#localhost
|
+-------------------------------------------------------------------------------
---------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*158
FB31F24156B52B2408974EF221C5100001544' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION
|
+-------------------------------------------------------------------------------
---------------------------------------------------------+
2 rows in set (0.00 sec)
Before, I tested (Locally) And Works fine!.
Now Remotely Privileges:
mysql> show grants for 'root'#'%';
+-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------------------------------------------------+
| Grants for root#%
|
+-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS,
FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES,
LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW
VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER ON *.* TO 'root'#'%' IDENTIFIED
BY PASSWORD '*158FB31F24156B52B2408974EF221C5100001544' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'%' WITH GRANT OPTION
Doesn't work!!!, I think that it must work because: "ON *.* TO 'root'#'%'"
Looking for the difference:
'root'#'%' haven't CREATE TABLESPACE, EVENT and TRIGGER
mysql> SELECT Host, Event_priv, Trigger_priv, Create_tablespace_priv,
authentication_string FROM mysql.user WHERE USER = "root";
+-----------+------------+--------------+------------------------+--------------
---------+
| Host | Event_priv | Trigger_priv | Create_tablespace_priv | authenticatio
n_string |
+-----------+------------+--------------+------------------------+--------------
---------+
| localhost | Y | Y | Y |
|
| % | N | N | N | NULL
|
+-----------+------------+--------------+------------------------+--------------
---------+
2 rows in set (0.01 sec)
mysql>
But, I think that is not root of problem...
Maybe The solution will be, to use: GRANT ALL PRIVILEGES ON *.* TO 'root'#'%', but I think "all privileges" have other thing than "an amount of privileges".
To use GRANT, you must have the GRANT OPTION privilege, and you must have the privileges that you are granting.
— http://dev.mysql.com/doc/refman/5.6/en/grant.html
If you don't hold "all privileges," you can't grant "all privileges."
Fix the root#% user's missing privileges and the problem will be resolved, although you really should understand what each privilege does and only grant the appropriate ones to each user.
I have mysql Server version: 5.5.32-0ubuntu0.12.04.1 (Ubuntu) installed linux Ubuntu 12.04 LTS.
I seem to have all the permissions as root. I can create a user and a db. However, I cannot seem to give the user all the permissions to the db.
My .my.cnf:
[client]
user=root
password=test
I login through mysql -u root -h localhost -p, but I cannot login without the -p option though I have the .my.cnf (not an issue, but odd).
There were a bunch of root users, so I got rid of them and I have these users:
mysql> SELECT host,user,password FROM mysql.user;
+-----------+------------------+-------------------------------------------+
| host | user | password |
+-----------+------------------+-------------------------------------------+
| localhost | root | ***************************************** |
| localhost | debian-sys-maint | ***************************************** |
+-----------+------------------+-------------------------------------------+
mysql> SHOW GRANTS FOR 'root'#'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*****************************************' |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------+
Now, I create a db, a user. The last line shows an error when I grant permissions. Can you please let me know why I am getting this error and what I can do to make this work?
mysql> create database staging;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'staging'#'localhost' IDENTIFIED BY 'test';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON staging.* TO 'staging'#'localhost';
ERROR 1044 (42000): Access denied for user 'root'#'localhost' to database 'staging'
First, Identify the user you are logged in as:
select user(); select current_user();
The result for the first command is what you attempted to login as, the second is what you actually connected as. Confirm that you are logged in as root#localhost in mysql.
The issue was that the installation I came up with did not provide Grant_priv to root#localhost. Here is how you can check.
mysql> SELECT host,user,password,Grant_priv,Super_priv FROM mysql.user;
+-----------+------------------+-------------------------------------------+------------+------------+
| host | user | password | Grant_priv | Super_priv |
+-----------+------------------+-------------------------------------------+------------+------------+
| localhost | root | ***************************************** | N | Y |
| localhost | debian-sys-maint | ***************************************** | Y | Y |
| localhost | staging | ***************************************** | N | N |
+-----------+------------------+-------------------------------------------+------------+------------+
You can see that the Grant_priv is set to N for root#localhost. This needs to be Y. Here is how I fixed this:
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
GRANT ALL ON *.* TO 'root'#'localhost';
I did get some permission error, but when I logged back in, it was fine.
try flushing privileges after granting permissions
GRANT ALL PRIVILEGES ON staging.* TO 'staging'#'localhost' IDENTIFIED BY 'test';
FLUSH PRIVILEGES;
For those who still stumble upon this like I did, it's worth checking to make sure the attempted GRANT does not already exist:
SHOW GRANTS FOR username;
In my case, the error was not actually because there was a permission error, but because the GRANT already existed.
I created a database from the mysql prompt. It is named "spring_security_tutorial".
Then, I created a user named "erdinc#localhost" and granted the user all the privileges for the "spring_security_tutorial" db.
Here is the "show databases" result when I am connected as root:
mysql> show databases;
+--------------------------+
| Database |
+--------------------------+
| information_schema |
| mysql |
| performance_schema |
| spring_security_tutorial |
| springsecurity |
| test |
+--------------------------+
6 rows in set (0.00 sec)
Here is the result of the command "use spring_security_tutorial" when I am connected as root:
mysql> use spring_security_tutorial;
ERROR 1049 (42000): Unknown database 'spring_security_tutorial'
Here is the result of the command "select user(), current_user()":
mysql> select user(), current_user()
+----------------+----------------+
| user() | current_user() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
Here are the privileges of the root and erdinc users:
mysql> show grants for 'root'#'localhost';
+---------------------------------------------------------------------+
| Grants for root#localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'erdinc'#'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for erdinc#localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'erdinc'#'localhost' IDENTIFIED BY PASSWORD '*8DCDD69CE7D121DE8013062AEAEB2A148910D50E' |
| GRANT ALL PRIVILEGES ON `spring_security_tutorial`.* TO 'erdinc'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
I cannot use the spring_security_tutorial database as root user even if I can see it with "show databases".
Also, when I am connected as "erdinc#localhost", I cannot even show the mentioned database.
It just shows the test and information_schema databases.
I am looking up for this for a couple of hours now. Actually I used to use mysql in the past, either something changed in the usage or I am missing something very obvious because this used to be a trivial task.
Thanks in advance.
I have an ubuntu server with mysql installed, at one point I saw the php code running on the server could access mysql but I can't access mysql remotely, for another server or sequal pro.
$ mysql -u root -p
mysql> GRANT ALL on *.* TO 'thomas'#'%';
mysql> exit
$ mysql -u thomas -p
mysql> show grants;
+------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for thomas#localhost |
+------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'localhost' IDENTIFIED BY PASSWORD '[ENCRYPTEDPASSWORD]' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> exit
$ mysql -u thomas -p -h [SERVERIP]
ERROR 1045 (28000): Access denied for user 'thomas'#'[SERVERNAME]' (using password: YES)
Update:
I wen't in and dropped all the users that where made (some didn't have passwords) I was going by the mysql.user table and using the drop user command.
CREATE USER 'thomas'#'localhost' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'localhost' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'[SERVERIP]' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'%' IDENTIFIED BY '[PASSWORD]';
the table now looks like this:
+--------------+------------------+
| Host | User |
+--------------+------------------+
| localhost | root |
| localhost | phpmyadmin |
| 127.0.0.1 | root |
| ::1 | root |
| localhost | debian-sys-maint |
| localhost | thomas |
| [SERVERIP] | thomas |
| % | thomas |
+--------------+------------------+
Well, you have
GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'localhost'
but you are not on localhost. You might want to try
GRANT ALL PRIVILEGES ON *.* TO 'thomas'#'%'
Ofcourse you have to add IDENTIFIED BY 'password' if you so desire