I want one Linux server to get or put data to the MySQL server on another Linux machine. I want to avoid granting
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
but instead would like to do:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'123.123.123.123' ..
where 123.. is the IP of the server that is making the request. Where would I go to get a log of the request made on the receiving database end, to know what IP is being queried from? I don't know enough about networking to know this, or to be sure which IP is being used.
Also, would it be OK to use a hostname of the querying server, or is that slower due to DNS lookup time?
If you want to know what IP you're connecting from:
SHOW PROCESSLIST
This will show the originating IP. You can tighten your rules accordingly.
As per my comment to @tadman, the problem turned out to be that I had
bind = 127.0.0.1
in the my.cnf file found in /etc/mysql.
Well, once I disabled and restarted mysql, mysql came back and said "permission denied to root@____" - but then I was able to know the IP address. Predictably I guess, it was the primary DNS IP for that server. But problem solved because I was able to set that permission on the remote.
I'm doing a web project and I'm using WampServer to take care of the server and database. Now I'm facing a problem: I have to share the project. So it would be useful if I could share the specific DB that I use in the project, so that other people can access it from their machines and get all the data previously stored in the DB. Is it possible to do it? How?
If you need to grant access to other machines to one database on local mysql server, you need to do some things:
You need to open MySQL to network interface: Check my.cnf, and do this:
Comment the line skip-networking.
Change the line bind-address to hold your LAN IP address / WAN IP address (if the machine itself has the WAN IP) / 0.0.0.0 (for all IPv4 addresses of the machine) / :: (for all IPv4 and IPv6 addresses of the machine). After reconfiguring, restart the MySQL server.
Check / configure your firewall so that port 3306 is open (you can configure the firewall to accept connections only from the required IPs; the configuration for doing this will depend on your firewall software).
Grant access to the user(s) from the IPs you will need.
You can give access to one user from all IPs. To do this, execute command [1] in the MySQL CLI or phpMyAdmin, as a user with SUPER privileges (usually root).
You can give access to one user from one IP. Execute command [2].
[1]: GRANT ALL PRIVILEGES ON database.* TO 'user'@'%' IDENTIFIED BY 'password';
[2]: GRANT ALL PRIVILEGES ON database.* TO 'user'@'host' IDENTIFIED BY 'password';
You need to replace database with the name of the database to give privileges, user with the username accessing, host with the IP address of the client accessing, and password, with the desired password.
You can also repeat command [2] if you want the same username to have access from two different IPs, for example. Also, you can use a combination of [1] and [2], using a host with this example format: @'192.168.0.%', for giving access to this user from all computers on the 192.168.0.0/24 network.
Also, you can give really fine privileges. For example, if you replace GRANT ALL PRIVILEGES with GRANT SELECT, INSERT, this user can only do SELECT and INSERT statements, but not UPDATE or DELETE ones. You can check the MySQL docs or StackOverflow for more info about this.
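The host-scoped, reduced-privilege grants described in the answer above, written out for current MySQL versions. This is an added example, not code from the original posts; the database appdb, the account app_rw, the 192.0.2.x client addresses and the passwords are constructed placeholders, and it assumes MySQL 5.7.8 or later with TLS enabled on the server.

```sql
-- Added example. appdb, app_rw, the 192.0.2.x addresses and the passwords
-- are constructed placeholders.

-- Broad form, for comparison: every privilege on the schema, from any address.
--   GRANT ALL PRIVILEGES ON appdb.* TO 'app_rw'@'%' IDENTIFIED BY 'password';

-- MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT, so the account is
-- created first. The host part pins it to a single client address.
CREATE USER IF NOT EXISTS 'app_rw'@'192.0.2.10'
  IDENTIFIED BY 'replace-with-a-long-random-password'
  REQUIRE SSL;   -- refuse unencrypted connections for this account

-- Only the statements the application issues, only on its own schema.
GRANT SELECT, INSERT ON appdb.* TO 'app_rw'@'192.0.2.10';

-- A second client is a separate account row with its own password and grants,
-- even though the user name is the same.
CREATE USER IF NOT EXISTS 'app_rw'@'192.0.2.11'
  IDENTIFIED BY 'replace-with-another-random-password'
  REQUIRE SSL;
GRANT SELECT ON appdb.* TO 'app_rw'@'192.0.2.11';

-- Subnet pattern, for comparison: matches 192.0.2.0 through 192.0.2.255.
--   CREATE USER 'app_rw'@'192.0.2.%' IDENTIFIED BY '...' REQUIRE SSL;

-- Verify what each account row actually holds.
SHOW GRANTS FOR 'app_rw'@'192.0.2.10';
SHOW GRANTS FOR 'app_rw'@'192.0.2.11';

-- Once the scoped accounts work, remove the wildcard row if one exists.
DROP USER IF EXISTS 'app_rw'@'%';
```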
I have a MySQL server running at my workplace, and now I want to connect to it from home, get the databases, etc.
I have the IP address of the workplace computer, but I cannot get access to it from my home MySQL program if I enter the IP address in the connection string.
It seems not to be accessible from the public network. Is it possible to do it nevertheless, or impossible?
With MySQL you need to grant access to the IP you're trying to connect to it from.
GRANT USAGE ON *.* TO 'root'@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'rootPassword';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xxx.xxx.xxx.xxx' WITH GRANT OPTION;
Where xxx.xxx.xxx.xxx is the IP of the machine you're trying to connect from, which you can find out by typing "whatsmyip" into Google.
If you have a firewall enabled on your workstation, you also must permit your IP in the firewall as well.
You also need to change bind-address in the MySQL configuration. By default MySQL is running on localhost (127.0.0.1); you need to change it to 0.0.0.0 (all interfaces).
If you don't have a public IP address, you need to use a VPN; read another topic: https://askubuntu.com/questions/64016/access-workstations-without-public-ip-maybe-with-vpn
I have a MySQL master server with a dynamic IP address, as my internet service provider cannot give me a static one.
Is there any other option to replicate MySQL data when the IP address changes all the time?
Well, you have to try using "%" for the host part:
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
Make sure that the changes take effect with:
FLUSH PRIVILEGES;
Otherwise, you had better use OpenVPN or SSH tunneling to avoid these problems.
Finally I found the solution to host/replicate a MySQL server with a dynamic IP by using LogMeIn Hamachi. By installing it on both MySQL servers (Windows), then creating and joining the network, I can communicate between the master and slave without worrying about the public IP changing.
So, a couple of days ago, our master instance of MySQL started blocking me from accessing all but a couple of databases but only when connecting from a specific IP address. I can connect and see all the databases when connecting from any other IP address and I can connect and see all databases when connecting to a slave instance. Credentials are the same regardless. I've never seen anything like this.
To gain access to all databases you need to run these commands as a privileged user (e.g. on the machine itself):
grant all privileges on *.* to YOUR_USER_ID@REMOTE_IP_ADDRESS_YOU_WANT_TO_BE_ALLOWED;
flush privileges;
To get the YOUR_USER_ID@REMOTE_IP_ADDRESS_YOU_WANT_TO_BE_ALLOWED, run the select user(); command. This will let you know how you are accessing the database, and you can grant privileges accordingly.
I think what you'll want to do to start exploring this problem is:
http://dev.mysql.com/doc/refman/5.0/en/show-grants.html
show grants for 'user'@'host';
Try running this script:
GRANT ALL ON *.* TO 'user'@'%' IDENTIFIED BY 'password';
It would allow you to access from any IP address and any machine and access all databases.
Good Luck :)
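One way to see which account row the server matched for a connection, and to list the accounts that accept connections from wildcard hosts. This is an added example, not part of the original answers; the user name report_user and the address 203.0.113.5 are constructed placeholders, and steps 2 to 4 assume an administrator session that can read the mysql system schema.

```sql
-- Added example; 'report_user' and 203.0.113.5 are constructed placeholders.

-- 1. Run from the affected client. USER() is the name and source address the
--    server saw; CURRENT_USER() is the account row it matched for privileges.
SELECT USER() AS presented, CURRENT_USER() AS matched_account;
SHOW GRANTS FOR CURRENT_USER();

-- 2. Run as an administrator. When several rows share a user name, the server
--    uses the most specific matching Host, so 'report_user'@'203.0.113.5' wins
--    over 'report_user'@'%' for that one address, with its own (possibly
--    smaller) set of grants.
SELECT User, Host
FROM mysql.user
WHERE User = 'report_user'
ORDER BY Host;

-- 3. Accounts whose Host is a wildcard or pattern, with the global privileges
--    that matter most if the password leaks.
SELECT User, Host,
       CASE
         WHEN Host IN ('%', '') THEN 'any host'
         ELSE 'host pattern'
       END AS host_scope,
       (Select_priv = 'Y' OR Insert_priv = 'Y'
        OR Update_priv = 'Y' OR Delete_priv = 'Y') AS global_data_access,
       Grant_priv, Super_priv, File_priv,
       ssl_type                      -- empty string: TLS is not required
FROM mysql.user
WHERE Host = '' OR LOCATE('%', Host) > 0 OR LOCATE('_', Host) > 0
ORDER BY (Host IN ('%', '')) DESC, User, Host;

-- 4. Per-database grants held by those same wildcard-host accounts.
SELECT User, Host, Db,
       Select_priv, Insert_priv, Update_priv, Delete_priv, Grant_priv
FROM mysql.db
WHERE Host = '' OR LOCATE('%', Host) > 0 OR LOCATE('_', Host) > 0
ORDER BY User, Host, Db;
```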
My problem is this command produces an error when I tried to connect from our server to another external server :
mysql -h db.hostname.com -u username -pP#ssword database_name
And this is the error :
ERROR 1044 (42000): Access denied for user 'username'@'%' to database 'database_name'
I already asked the external server admin to add our IP in their firewall but to no avail..
Has this something to do with GRANTing privileges to the 'username'?
It's not a problem with firewall, since MySQL is denying the connection. As you suspect, it is a problem with the privileges granted for the user. You need to execute this on the mysql server (you might need to tweak this a bit if you don't want to grant all privileges to the db):
GRANT ALL ON database_name.* TO 'username'@'%' IDENTIFIED BY 'P#ssword';
Also note that if you always connect from a specific host/ip, it's a better idea to specify that host/ip, instead of using a wildcard %, which would allow connections from anywhere.
It sounds like the password is wrong, or that the username you are trying to use is not allowed to connect from your computer's IP address.
As you know, the MySQL administrator at the remote site can specify which IPs are allowed to connect using any given user account. Bear in mind that your computer's IP address may be routed through all kinds of routers and firewalls on your company's end before you reach the external database. As a result, your IP may appear different to you than to the external database.
In that case, it doesn't help if the external database admin adds YOUR IP to the 'allowed' list, they should add the 'outside world' IP address instead.
The easiest way to find out if this applies to you, is as follows:
Visit www.whatismyip.com and write down the IP address on screen. This is your IP as seen from the 'outside world'. It is very likely that this IP is actually the outside IP of a firewall or router within your company's network, and not your computer's IP at all.
Next, (assuming you're on Windows) go to Start > run. Type cmd and hit enter. Type ipconfig and hit enter. You can now see your local IP address.
If these two IPs don't match, tell the remote admin to add your outside world IP to the 'allowed' list as well.
Also, once you go to production and move your code to another server, the IP fun starts again. You might as well fix this right away.