I have an existing table and I want to update host part in privileges using Grant command
mysql> show grants
-> ;
+------------------------------------------------------------------------------------------------------------+
| Grants for ssc#localhost |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ssc'#'localhost' IDENTIFIED BY PASSWORD '*ABCDEFABCDEF' |
| GRANT ALL PRIVILEGES ON `ssc`.* TO 'ssc'#'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
To be able to connect as ssc from anywhere you have to create an additional user and grant him necessary rights
CREATE USER 'ssc'#'%' IDENTIFIED BY '<your password>';
GRANT ALL PRIVILEGES ON `ssc`.* TO 'ssc'#'%' WITH GRANT OPTION;
Read more about that in Adding User Accounts
Related
I configured MySQL as follows:
CREATE DATABASE IF NOT EXISTS foodb;
CREATE USER IF NOT EXISTS 'foo'#'localhost';
ALTER USER 'foo'#'localhost' IDENTIFIED BY 'qux';
GRANT ALL ON foodb.* to 'foo'#'localhost';
SHOW GRANTS FOR 'foo'#'localhost';
FLUSH PRIVILEGES;
SELECT user, host, authentication_string FROM mysql.user ORDER BY user, host;
When I run
python manage.py dbshell
I get the following error:
ERROR 1045 (28000): Access denied for user 'foo'#'localhost' (using password: YES)
CommandError: "mysql --user=foo --host=localhost foodb" returned non-zero exit status 1.
Also, this query
SHOW GRANTS for 'foo'#'localhost';
returns
+--------------------------------------------------------------+
| Grants for foo#localhost |
+--------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'#'localhost' |
| GRANT ALL PRIVILEGES ON `foodb`.* TO 'foo'#'localhost' |
+--------------------------------------------------------------+
2 rows in set (0.00 sec)
Finally, switching user to root and the root account password works just fine. So I think the issue must be with the user permissions on MySQL itself.
What additional permissions does 'foo'#'localhost' need for this to work?
I have a MySQL pair that communicates over a VIP. I want to verify permissions for all users (including root) from ANY IP. When I attempt to view all grants for root I get this:
mysql> show grants for root;
ERROR 1141 (42000): There is no such grant defined for user 'root' on host '%'
But there are other grants for root:
mysql> show grants for 'root'#'localhost';
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `*.*`.* TO 'root'#'localhost' |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
How can I view ALL grants for a user (all hosts and databases)?
You can use this:
select * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES;
I'm trying to grant all privileges to a specific IP but when I try to get the list of privileged IPs it always shows only localhost, I followed the instructions in this question but it doesn't do any changes, what am I doing wrong?
MariaDB [(none)]> GRANT ALL ON database.* TO 'root'#'192.168.3.1' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show grants;
+---------------------------------------------------------------------+
| Grants for root#localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show slave status;
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER,REPLICATION CLIENT privilege(s) for this operation
mysql> show grants;
+------------------------------------------------------------------+
| Grants for root#192.168.1.5 |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'#'192.168.1.5' |
| GRANT ALL PRIVILEGES ON `western_star`.* TO 'root'#'192.168.1.5' |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)
Note:
I still get denied even though I logged in with my user remotely and I have the permissions.
mysql> show slave status;
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER,REPLICATION CLIENT privilege(s) for this operation
mysql> show grants;
+------------------------------------------------------------------+
| Grants for root#192.168.1.5 |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'#'192.168.1.5' |
| GRANT ALL PRIVILEGES ON `western_star`.* TO 'root'#'192.168.1.5' |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)
Try running this statement:
SHOW GRANTS FOR 'root'#'192.168.3.1' ;
And compare to the return from this:
SHOW GRANTS FOR 'root'#'localhost' ;
SHOW GRANTS shows the grants for the current user.
Note that "root#localhost" is not the same user as "root#192.168.3.1". MySQL identifies a user by both user AND host. (Those are two different users.)
FOLLOWUP
The SUPER and REPLICATION CLIENT privileges are global privileges, not database privileges. Syntax for granting those privileges is ON *.*. For example:
GRANT REPLICATION CLIENT ON *.* TO 'root'#'192.168.1.5' ;
This is the user privileges:
GRANT USAGE ON *.* TO 'LMMXT'#'localhost' IDENTIFIED BY PASSWORD '*...'
GRANT ALL PRIVILEGES ON `LMMXT`.`*` TO 'LMMXT'#'localhost'
I can LOGIN with the user, USE Database, but always when I want CREATE TABLE:
# mysql -u LMMXT -p -h localhost
mysql> use LMMXT
Database changed
mysql> create table test;
ERROR 1142 (42000): CREATE command denied to user 'LMMXT'#'localhost' for table 'test'
And:
mysql> SELECT USER(),CURRENT_USER();
+---------------------+---------------------+
| USER() | CURRENT_USER() |
+---------------------+---------------------+
| LMMXT#localhost | LMMXT#localhost |
+---------------------+---------------------+
1 row in set (0.00 sec)
So, also I've tried with:
mysql> FLUSH PRIVILEGES;
User is set for host access from 'localhost' and '%'
I've seen other solutions on StackOverflow, but none works.
Thanks in advance
Try changing your grant statement to
GRANT ALL PRIVILEGES ON LMMXT.* TO 'LMMXT'#'localhost'
I'm not sure if the ` characters around the statement are causing a problem
AFTER update user set host='%' where user='root, I lost some of the privileges from my MySQL root user. So I stopped the server and started it with --skip-grant-tables
msqld --skip-grant-tables
and I tried
mysql>update mysql.user set grant_priv = 'Y' where user = 'root';
Query OK, 0 rows affected (0.00 sec)
mysql>FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
This doesn't work for me. When I log in as root, I still can't see the MYSQL database.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
Please help. I've tried all the solutions still can't restore the privileges for ROOT, always got the "0 row affected" result.
Try
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
Update
Run this command to check your current privileges
SHOW GRANTS FOR CURRENT_USER;
It is a bad practice to insert/update/delete from mysql.* tables and information_schema.* tables using direct SQL DML statements.
Update 2
Can you post the results of this command
SELECT (
Host,
Grant_priv,
Super_priv
)
FROM mysql.user
WHERE user = 'root';
All of the _priv columns should have a value Y. And the Host should be localhost.