MySQL revoke permissions for external connections - mysql

I need to give a remote user access to a MySQL database. I also need to limit the permissions they have to the MySQL database tables. The current database contains approx. 50+ tables so rather than revoke permissions table by table, I'm trying to give the user access with no privileges and then add those that are needed. What I've done appears to work when:
I'm logged in as root (via SSH)
I login using "mysql -u username -p" - enter my password for the newly created user.
This users account honors all the privileges I've set up. However, when this user tried to connect via their desktop client - they can connect but can not view the database. When using "use databasename" they get this error:
Error Code: 1044. Access denied for user 'username'#'%' to database 'database_name'
Not sure if this helps but I'm using Media Temple DV w/ Plesk. I've first added the user. Then I SSH in and revoked ALL privileges. Then I added the privileges for the user and did command "flush privileges". Nothing is working. As I said, if I'm accessing via the command line (after SSHing in as root) the permissions are honored and I can access the database - just not remotely.
Any help would be greatly appreciated.

May be network that is allowed to connect is localhost, but not users network IP.
And check max connections amount.

If you're logged in as root via SSH and MySQL database is on the same machine, then i guess that if you run:
mysql -u username -p
you try to connect to MySQL as 'username'#'localhost' user.
If you want to connect to MySQL database from outside of this server, you need to:
create user like 'username'#'%' which allow to connect to MySQL using 'username' from anywhere ('%')
allow mysql server to connect from outside by setting bind-address more details here

Related

How to restrict the root MySQL system user to a single host in GCP Cloud SQL?

I am logged into MySQL with a user with full admin privileges, and wish to update the root user to only allow login via localhost.
Currently, the root user has full privileges via 'root'#'%', and I'd like to change that to 'root'#'localhost'. I've tested this out on a local mysql install and it worked fine. However, in GCP Cloud SQL I'm unable to do so.
Running:
RENAME USER 'root'#'%' TO 'root'#'localhost';
Yields the error:
ERROR 1221 (HY000): Incorrect usage of RENAME and SYSTEM USER
Is there any way to achieve what I want to do in locking down where the root user can login from? I would like to avoid any MySQL downtime if possible. I am using MySQL 5.7.
As per the document, because Cloud SQL is a managed service, it restricts access to certain system procedures and tables that require advanced privileges and that includes restricting the hostname for the default root user account.
What I can suggest is that you create another MySQL user on cloud console. That user have the same privileges as the root user plus you'll be able to restrict the hostname or limit the privileges for this user. In a way you can say that Cloud SQL encourages you to create separate user accounts for different purposes because the root user is a very common target for unauthorized access.

Kubernetes mariadb user login

I am fairly new to the system. Fortunately Google cloud plateform has a one click setup for master slave mariadb replication which i opted or(https://console.cloud.google.com/marketplace/details/google/mariadb?q=mariadb). After which I could login in as root and create a user. I ran the following sql command.
create user 'user'#'localhost' identified by 'password';
After sucessfully creating the user, If i am inside either master or slave pod i could login in local instance but I could not login from outside those pods or from one pod to another pod in mariadb instances.For loggin I used the following command
mysql -u user -h mariadb-1-mariadb.mariadb.svc.cluster.local -p
where mariadb-1-mariadb = service and mariadb=namespace
I keep on getting error.
Error 1045(2800): Access denied for the user
Any help is greatly appreciated. I think you might want to read the yaml file on gcp if you are to think about port blocking but I think it shouldn't be that issue.
I had issue in creating user. When I tried to login as user, it used to somehow pick up my container ip I am trying to login from. All I needed to do was make user not local host but global with '%' and that solved the issue.
create user 'user'#'%' identified by 'password';

ownCloud Setup: SQLSTATE[HY000][1045] Access denied for user 'owncloud'#localhost' (using password:YES)

I wanted to setup my owncloud installation on my raspberry pi 2. So, I created an mysql database and user.
CREATE DATABASE owncloud;
CREATE USER 'owncloud'#'localhost' IDENTIFIED BY 'Password';
GRANT ALL PRIVILEGES ON owncloud. * TO 'owncloud'#'localhost';
FLUSH PRIVILEGES;
After I type all nessesairy parameters into the webinterface of the owncloud-setup, I recevied:
Error while trying to create admin user: Failed to connect the database: An exeption occured in driver: SQLSTATE[HY000][1045] Access denied for user 'owncloud'#'localhost' (using password:YES)
Sadly, my resent sreach on similar topics didn't result in any functional hint on this problem. So, I would be happy about further suggestions.
Look at this: https://doc.owncloud.org/server/9.0/admin_manual/installation/installation_wizard.html#database-choice
In Terminal: mysql_upgrade --force -u root -p
Use administrative MySQL »root«-user and password with the Installation Wizard
Check that the Database not exist which you create with the Installation Wizard
If nothing helps, start with sqlite, then migrate to mysql like this: https://doc.owncloud.org/server/9.0/admin_manual/configuration_database/db_conversion.html
Just replace localhost for 127.0.0.1 in Owncloud's setup form for MySQL as mentioned in comments above by Askaga
For some reason, explicitly re-access the database from the terminal solves the problem for me. Just give mysql an empty line with
mysql -u root -e ";"
This should be an individual command after you created database and database user.
Sure, you should always check whether
There are users with an empty username. Remove them.
Remove "test" database.
Grant appropriate permission to your database user.
Last but not least FLUSH PRIVILEGES;.
Search other posts for instructions. I'm just providing a possible solution if you come across a situation where none of the above works.
Here's a good example to properly setup mysql after installation. FYI.
Mask the DB password in the installation screen (the password should not be visible, only dots) and retry.
Ubuntu 18.04.1, Owncloud 10.
Check the contents of config.php in my case located at /var/www/owncloud/config/.
Specialy items dbuser and dbpasswrd.
Read config.sample.php in the same directory for info.

MySQL workbench - Can't connect to a specific database

I'm facing a strange issue here and it seems impossible to me to connect to my MySQL database.
I have used the workbench few times ago, but it was an older version. The problem with the new one (6CE) is that I can't connect directly to a database - it only allows me to create a connection to the server as a root user and I don't remember this password.
Is there a way to make a connection directly to the dataase itself as in the previous versions, or now only the root is an option. If yes I will have to reset my password.
Make sure that your credentials are still valid, and has proper privileges. If you can log into your mysql-server from terminal (with root account or the user you are trying with), then run "SHOW GRANTS" and see the privileges;
To connect to mysql database you need to have your user account's hostname specific to your IP or wildcard (%).
Similarly you can create a new mysql user with the following command from your server, and then try with this new user.
GRANT ALL ON <db>.* TO 'user'#'<ip or %>' IDENTIFIED BY '<password>' ;
FLUSH PRIVILEGES;
Be careful with the user created above. It will have ALL privilege with the specific database. And using % is actually a bad idea, so user you home machines IP (from where you are trying to connect with Workbench)

unable to change to different user in mysql

I am also using windows 7.I installed mysql server 5.1.
Created a user as 'user#localhost' using mysql console. But unable to login to that user.
I tried to run using command prompt.
When I created a user with name "user". when i tried mysql -u user -p
It says Access Denied to 'user#localhost' ..
Even trying with mysql console is not helping out here. .
A few things to try:
Make sure your user has the correct privileges set (global or schema level privileges)
try running FLUSH PRIVILEGES
To help us troubleshoot, what does this command return? SHOW GRANTS FOR 'user'#'localhost';