I created a database from the mysql prompt. It is named "spring_security_tutorial".
Then, I created a user named "erdinc#localhost" and granted the user all the privileges for the "spring_security_tutorial" db.
Here is the "show databases" result when I am connected as root:
mysql> show databases;
+--------------------------+
| Database |
+--------------------------+
| information_schema |
| mysql |
| performance_schema |
| spring_security_tutorial |
| springsecurity |
| test |
+--------------------------+
6 rows in set (0.00 sec)
Here is the result of the command "use spring_security_tutorial" when I am connected as root:
mysql> use spring_security_tutorial;
ERROR 1049 (42000): Unknown database 'spring_security_tutorial'
Here is the result of the command "select user(), current_user()":
mysql> select user(), current_user()
+----------------+----------------+
| user() | current_user() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
Here are the privileges of the root and erdinc users:
mysql> show grants for 'root'#'localhost';
+---------------------------------------------------------------------+
| Grants for root#localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'erdinc'#'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for erdinc#localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'erdinc'#'localhost' IDENTIFIED BY PASSWORD '*8DCDD69CE7D121DE8013062AEAEB2A148910D50E' |
| GRANT ALL PRIVILEGES ON `spring_security_tutorial`.* TO 'erdinc'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
I cannot use the spring_security_tutorial database as root user even if I can see it with "show databases".
Also, when I am connected as "erdinc#localhost", I cannot even show the mentioned database.
It just shows the test and information_schema databases.
I am looking up for this for a couple of hours now. Actually I used to use mysql in the past, either something changed in the usage or I am missing something very obvious because this used to be a trivial task.
Thanks in advance.
Related
I am trying to add a user called admin in mariadb and grant them all permissions from any host.
I can see the users get added by examining the rows in mysql.user and after I create the user I see entries for 'admin'#'localost' and 'admin'#'%', but when I try to perform the grants, they don't get actioned;
Here's what I'm doing as the root user.
MariaDB [mysql]> CREATE USER 'admin'#'localhost' IDENTIFIED BY 'mypswd';
Query OK, 0 rows affected (0.000 sec)
MariaDB [mysql]> select user, host, password from mysql.user;
+-------+-----------+-------------------------------------------+
| user | host | password |
+-------+-----------+-------------------------------------------+
| root | localhost | |
| root | 127.0.0.1 | |
| root | ::1 | |
| admin | localhost | *81C702316842FA904B04F249E80134D93FEDB64C |
+-------+-----------+-------------------------------------------+
4 rows in set (0.000 sec)
MariaDB [mysql]> CREATE USER 'admin' IDENTIFIED BY 'mypswd';
Query OK, 0 rows affected (0.000 sec)
MariaDB [mysql]> select user, host, password from mysql.user;
+-------+-----------+-------------------------------------------+
| user | host | password |
+-------+-----------+-------------------------------------------+
| root | localhost | |
| root | 127.0.0.1 | |
| root | ::1 | |
| admin | % | *81C702316842FA904B04F249E80134D93FEDB64C |
| admin | localhost | *81C702316842FA904B04F249E80134D93FEDB64C |
+-------+-----------+-------------------------------------------+
5 rows in set (0.000 sec)
MariaDB [mysql]> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'%' IDENTIFIED BY 'mypswd';
Query OK, 0 rows affected (0.000 sec)
MariaDB [mysql]> GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost' IDENTIFIED BY 'mypswd';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*4B431B2B44AFED5F3EBCF1E6DFB60B3164A4B0D4' WITH GRANT OPTION |
| GRANT PROXY ON ''#'%' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
Why are my GRANT's not working?
Sorry, my bad. I did search quite hard for an answer but I only just discovered that if you are logged in as root from localhost and just use SHOW GRANTS; it will show you just those grants for 'root'#'localhost'.
I needed to do this:
MariaDB [mysql]> SHOW GRANTS FOR 'admin'#'%';
+---------------------------------------------------------------------------------------------------------------+
| Grants for admin#% |
+---------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'admin'#'%' IDENTIFIED BY PASSWORD '*81C702316842FA904B04F249E80134D93FEDB64C' |
+---------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
MariaDB [mysql]> SHOW GRANTS FOR 'admin'#'localhost';
+-----------------------------------------------------------------------------------------------------------------------+
| Grants for admin#localhost |
+-----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost' IDENTIFIED BY PASSWORD '*81C702316842FA904B04F249E80134D93FEDB64C' |
+-----------------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
I didn't find this intuitive.
I use mysql -u root -p to login to mysql. Command show databases only shows information_schema database, and current_user is not root
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
2 rows in set (0.00 sec)
mysql> select current_user();
+----------------+
| current_user() |
+----------------+
| #localhost |
+----------------+
1 row in set (0.00 sec)
You have no other databases - try to create one.
The current user is probably the anonymous user - by default MySQL ships with the following users, all having empty password (https://dev.mysql.com/doc/refman/5.5/en/default-privileges.html)
I have two databases in mysql:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| app |
| app_dev |
+--------------------+
I have two play framework servers running, one using app and one using app_dev. The server connecting to app is local to the machine running mysql. The server connecting to app_dev is remote. I think I've setup the permissions correctly:
mysql> show grants for 'app_dev';
+------------------------------------------------------------------+
| Grants for app_dev#% |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'app_dev'#'%' IDENTIFIED BY PASSWORD 'pwd' |
| GRANT ALL PRIVILEGES ON `app_dev`.* TO 'app_dev'#'%' |
+------------------------------------------------------------------+
mysql> show grants for 'app'#'localhost';
+----------------------------------------------------------------------+
| Grants for app#localhost |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'app'#'localhost' IDENTIFIED BY PASSWORD 'pwd' |
| GRANT ALL PRIVILEGES ON `app`.* TO 'app'#'localhost' |
+----------------------------------------------------------------------+
Yet for some reason, when I try to start play on my development machine, I get the response: MySQLSyntaxErrorException: SELECT command denied to user 'app_dev'#'2.ipn.ipn.ipn' for table 'play_evolutions'.
Is it possible I've set up the permissions incorrectly? The only thing that's different here is the need for the % sign as this is a remote connection!
This is from my terminal in mac.
130-229-0-129-dhcp:~ suyeshamatya$ mysql
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> quit
Bye
130-229-0-129-dhcp:~ suyeshamatya$ mysql -u root -p
Enter password:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| lportal |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
Can someone please explain why mysql is showing different number of databases when connecting without any username/password and when connecting with root username/password?
UPDATE:
Connected without username/password
mysql> show grants;
+--------------------------------------+
| Grants for #localhost |
+--------------------------------------+
| GRANT USAGE ON *.* TO ''#'localhost' |
+--------------------------------------+
1 row in set (0.00 sec)
Connected with root username/password
mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '********************' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Grant USAGE means no privileges for that user according to Manual. So when you login without username and password. It will show default mysql schema. If you want to user using following query:
select User from mysql.user;
It will throw error like
SELECT command denied to user ''#'localhost' for table 'user';
Which means you do not have permission on default database to view users details.
If you login with username and password then all the databases created by that User will show you.
I am not sure but I think that the the "unknown user" has no privileges to see the other databases. Please check this in the mysql database.
I have this:
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| root#% |
+----------------+
1 row in set (0.00 sec)
mysql> SELECT USER();
+------------------+
| USER() |
+------------------+
| root#CQ2404LA-PC |
+------------------+
1 row in set (0.00 sec)
mysql>
mysql> GRANT ALL PRIVILEGES ON `Company`.* TO 'TheUser'#'%' IDENTIFIED BY PASS
WORD '*3814FFAFF303C7DBB5511684314B57577D754FF9';
ERROR 1044 (42000): Access denied for user 'root'#'%' to database 'Company'
Access denied for user 'root'#'%' to database 'Company'
Now reviewing the root privileges I have:
mysql> show grants for 'root'#'localhost';
+-------------------------------------------------------------------------------
---------------------------------------------------------+
| Grants for root#localhost
|
+-------------------------------------------------------------------------------
---------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*158
FB31F24156B52B2408974EF221C5100001544' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION
|
+-------------------------------------------------------------------------------
---------------------------------------------------------+
2 rows in set (0.00 sec)
Before, I tested (Locally) And Works fine!.
Now Remotely Privileges:
mysql> show grants for 'root'#'%';
+-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------------------------------------------------+
| Grants for root#%
|
+-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS,
FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES,
LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW
VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER ON *.* TO 'root'#'%' IDENTIFIED
BY PASSWORD '*158FB31F24156B52B2408974EF221C5100001544' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'%' WITH GRANT OPTION
Doesn't work!!!, I think that it must work because: "ON *.* TO 'root'#'%'"
Looking for the difference:
'root'#'%' haven't CREATE TABLESPACE, EVENT and TRIGGER
mysql> SELECT Host, Event_priv, Trigger_priv, Create_tablespace_priv,
authentication_string FROM mysql.user WHERE USER = "root";
+-----------+------------+--------------+------------------------+--------------
---------+
| Host | Event_priv | Trigger_priv | Create_tablespace_priv | authenticatio
n_string |
+-----------+------------+--------------+------------------------+--------------
---------+
| localhost | Y | Y | Y |
|
| % | N | N | N | NULL
|
+-----------+------------+--------------+------------------------+--------------
---------+
2 rows in set (0.01 sec)
mysql>
But, I think that is not root of problem...
Maybe The solution will be, to use: GRANT ALL PRIVILEGES ON *.* TO 'root'#'%', but I think "all privileges" have other thing than "an amount of privileges".
To use GRANT, you must have the GRANT OPTION privilege, and you must have the privileges that you are granting.
— http://dev.mysql.com/doc/refman/5.6/en/grant.html
If you don't hold "all privileges," you can't grant "all privileges."
Fix the root#% user's missing privileges and the problem will be resolved, although you really should understand what each privilege does and only grant the appropriate ones to each user.