Check if database exists while trying to grant permissions - mysql

I am trying to build a few functions into a perl script to create, delete and grant permissions on mysql databases.
At the moment, I try to grant permissions for a user to specified database, like this:
use DBI;
my $dbname=$_[1];
my $dbh = DBI->connect("dbi:mysql:", $sqluser,$sqlpass) or die "Unable to connect: $DBI::errstr\n";
.....
my $username=#unp[0];
my $dbname=#unp[1];
my $db_com="GRANT ALL ON ".$dbname.".* TO '".$username."'\#'localhost'";
my $sth = $dbh->prepare($db_com);
$sth->execute
or die "SQL Error: $DBI::errstr\n";
print "Permissions granted\n";
This works if the user exists.
While trying similiar code for CREATE USER, and DROP USER, it works efficiently, creating, or deleting them as requested, or throwing mysql syntax errors if the user doesnt exist. But while granting privileges, I am set back by the fact that the command executes even if the database does not exist.
In fact on mysql prompt, if the sql query is executed, it returns:
Query OK, 0 rows affected (0.00 sec)
I need a way to discover whether the database does not exist, and prompt the user to provide a correct database name.

do show databases as a query first and look for the name in it before doing the GRANT
It's perfectly acceptable to grant privileges on a non existent database, all that's happening is that tables in the mysql database are being written to

Related

Deleting vs dropping user in mysql

Im writing a bash script which is checking to see if database exists, if not then it will create the database and then the user.
db=mydb
user=user
echo "Creating database $db"
if [ ! -d "/var/lib/mysql/$db" ] ; then
mysql -e "CREATE DATABASE $db /*\!CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci; */;"
mysql -e "CREATE USER IF NOT EXISTS $user#localhost IDENTIFIED BY '$user';"
mysql -e "GRANT ALL PRIVILEGES ON $db.* TO '$user'#'localhost';"
mysql -e "FLUSH PRIVILEGES;"
else
echo "Database already exists"
fi
What I am trying to do is:
If db doesnt exist then create it, there is an assumption that if the db doesnt exist then chances are neither will the user however, on the off chance there is already a user then it should grant the privileges to newly created db.
To test for all possibilities i'm using phpMyAdmin to save me time when checking but discovered a weird anomaly
If user is created and I drop user from mysql console then script will
recreate the user.
If user is created but I *delete* user from phpMyAdmin, I get error below
when script is re-run.
ERROR 1133 (28000) at line 1: Can't find any matching row in the user table
I notice the difference in the two is the drop and delete command but why is it not recreating if deleted from phpMyAdmin, is there a record of the user somewhere when using delete?
Found the answer here
I think the issue was down to using delete and privileges remaining. I've run the drop command via cli and all seems to be ok now.
In phpMyadmin I can delete but dont have the option to drop users whereas i can see the drop option everywhere else.

grant to multiple db using one command

I have many mariaDB databases that has same prefix. Such as
apple1
apple2
apple3
....
apple5000
apple5001
banana1
banana2
...
banana100
And I want create new user USER who can SELECT databases has apple prefix.
So I grant SELECT to new user USER using multiple command below to.
GRANT SELECT ON `apple1` TO 'USER'#'%';
GRANT SELECT ON `apple2` TO 'USER'#'%';
GRANT SELECT ON `apple3` TO 'USER'#'%';
...
GRANT SELECT ON `apple5001` TO 'USER'#'%';
Is there any solution grant to multiple databases has specify prefix using one command like wildcard(%) of LIKE statement?
GRANT SELECT ON `apple%`.* TO 'USER'#'192.168.0.227';
The real problem is having thousands of databases. You are likely to be slowing things down by having so many. (This is an OS problem, since MySQL instantiates each database via a directory.)
Write a Stored Procedure to query against information_schema to discover all the databases (using LIKE) and generate (using SELECT ... CONCAT) the desired GRANT statements. Then manually copy that output into the mysql commandline tool to execute them.
as this came up on a google search, I ended up doing a for loop & piping it into mysql:
for i in var1 var2 var3 ; do echo "grant all on db_$i.* to user#host;" | mysql ; done
if using numbers then for i in 1..1000
if you have no login details in mycnf file & you have to login to mysql mysql -u user -password <Password>
Only issue with the above is your password being in the command history.
Hope this helps anyone looking for a solution.

MySQL error 1449: The user specified as a definer does not exist

When I run the following query I get an error:
SELECT
`a`.`sl_id` AS `sl_id`,
`a`.`quote_id` AS `quote_id`,
`a`.`sl_date` AS `sl_date`,
`a`.`sl_type` AS `sl_type`,
`a`.`sl_status` AS `sl_status`,
`b`.`client_id` AS `client_id`,
`b`.`business` AS `business`,
`b`.`affaire_type` AS `affaire_type`,
`b`.`quotation_date` AS `quotation_date`,
`b`.`total_sale_price_with_tax` AS `total_sale_price_with_tax`,
`b`.`STATUS` AS `status`,
`b`.`customer_name` AS `customer_name`
FROM `tbl_supplier_list` `a`
LEFT JOIN `view_quotes` `b`
ON (`b`.`quote_id` = `a`.`quote_id`)
LIMIT 0, 30
The error message is:
#1449 - The user specified as a definer ('web2vi'#'%') does not exist
Why am I getting that error? How do I fix it?
This commonly occurs when exporting views/triggers/procedures from one database or server to another as the user that created that object no longer exists.
You have two options:
1. Change the DEFINER
This is possibly easiest to do when initially importing your database objects, by removing any DEFINER statements from the dump.
Changing the definer later is a more little tricky:
How to change the definer for views
Run this SQL to generate the necessary ALTER statements
SELECT CONCAT("ALTER DEFINER=`youruser`#`host` VIEW ",
table_name, " AS ", view_definition, ";")
FROM information_schema.views
WHERE table_schema='your-database-name';
Copy and run the ALTER statements
How to change the definer for stored procedures
Example:
UPDATE `mysql`.`proc` p SET definer = 'user#%' WHERE definer='root#%'
Be careful, because this will change all the definers for all databases.
2. Create the missing user
If you've found following error while using MySQL database:
The user specified as a definer ('someuser'#'%') does not exist`
Then you can solve
it by using following :
GRANT ALL ON *.* TO 'someuser'#'%' IDENTIFIED BY 'complex-password';
FLUSH PRIVILEGES;
From http://www.lynnnayko.com/2010/07/mysql-user-specified-as-definer-root.html
This worked like a charm - you only have to change someuser to the name of the missing user. On a local dev server, you might typically just use root.
Also consider whether you actually need to grant the user ALL permissions or whether they could do with less.
The user who originally created the SQL view or procedure has been deleted. If you recreate that user, it should address your error.
Follow these steps:
Go to PHPMyAdmin
Select Your Database
Select your table
On the top menu Click on 'Triggers'
Click on 'Edit' to edit trigger
Change definer from [user#localhost] to root#localhost
Hope it helps
I got the same error after updating mysql.
The error has been fixed after this command:
mysql_upgrade -u root
mysql_upgrade should be executed each time you upgrade MySQL. It
checks all tables in all databases for incompatibilities with the
current version of MySQL Server. If a table is found to have a
possible incompatibility, it is checked. If any problems are found,
the table is repaired. mysql_upgrade also upgrades the system tables
so that you can take advantage of new privileges or capabilities that
might have been added.
Create the deleted user like this :
mysql> create user 'web2vi';
or
mysql> create user 'web2vi'#'%';
If the user exists, then:
mysql> flush privileges;
Solution is just a single line query as below :
grant all on *.* to 'ROOT'#'%' identified by 'PASSWORD' with grant option;
Replace ROOT with your mysql user name.
Replace PASSWORD with your mysql password.
Fixed by running this following comments.
grant all on *.* to 'web2vi'#'%' identified by 'root' with grant option;
FLUSH PRIVILEGES;
if you are getting some_other instead of web2vi then you have to change the name accordingly.
For future googlers: I got a similar message trying to update a table in a database that contained no views. After some digging, it turned out I had imported triggers on that table, and those were the things defined by the non-existant user. Dropping the triggers solved the problem.
quick fix to work around and dump the file:
mysqldump --single-transaction -u root -p xyz_live_db > xyz_live_db_bkup110116.sql
grant all on *.* to 'username'#'%' identified by 'password' with grant option;
example:
grant all on *.* to 'web2vi'#'%' identified by 'password' with grant option;
I had the same problem with root user ans it worked for me when I replaced
root#%
by
root#localhost
So, if the user 'web2vi' is allowed to connect from 'localhost', you can try:
web2vi#localhost
I'm connected remotely to the database.
The user 'web2vi' does not exist on your mysql server.
See http://dev.mysql.com/doc/refman/5.1/en/error-messages-server.html#error_er_no_such_user
If that user does exist, check what servers it can access from, although I would have thought that would be a different error (EG you might have web2vi#localhost, but you are accessing the db as web2vi#% (At anything)
This happened to me after moving the DB from one server to another server. Initially, the definer was using localhost and the user. On the new server we don't have that user, and host had also been changed. I took a back up of that particular table and removed all the triggers manually from phpmyadmin. After that it has been working fine for me.
Why am I getting that error? How do I fix it?
I spent a hour before found a decision for a problem like this. But, in my case, I ran this:
mysql> UPDATE `users` SET `somefield` = 1 WHERE `user_id` = 2;
ERROR 1449 (HY000): The user specified as a definer ('root'#'%') does not exist
If you really want to find the problem, just run this commands one by one:
SHOW PROCEDURE STATUS;
SHOW FUNCTION STATUS;
SHOW TRIGGERS;
SHOW FULL TABLES IN database_name WHERE TABLE_TYPE LIKE 'VIEW';
...and, after each of them, look for the field 'definer'.
In my case it was bearded old trigger, that somebody of developers forgot to delete.
My 5 cents.
I had same error while I tried to select from a view.
However problem appears to be that this view, selected from another view that was restored from backup from different server.
and in fact, YES, user was invalid, but was not obvious where to from the first look.
I had your very same problem minutes ago, I ran into this issue after deleting an unused user from mysql.user table, but doing an alter view fixed it, here is a handy command that makes it very simple:
SELECT CONCAT("ALTER DEFINER=`youruser`#`host` VIEW ",
table_name," AS ", view_definition,";") FROM
information_schema.views WHERE table_schema='databasename'
Mix this with the mysql command line (assuming *nix, not familiar with windows):
> echo above_query | mysql -uuser -p > alterView.sql
> mysql -uuser -ppass databasename < alterView.sql
Note: the command generates and extra SELECT CONCAT on the file, making mysql -uuser -ppass databasename < alterView.sql fail if you don't remove it.
Source: https://dba.stackexchange.com/questions/4129/modify-definer-on-many-views
Try to set your procedure as
SECURITY INVOKER
Mysql default sets procedures security as "DEFINER" (CREATOR OF).. you must set the security to the "invoker".
From MySQL reference of CREATE VIEW:
The DEFINER and SQL SECURITY clauses specify the security context to be used when checking access privileges at view invocation time.
This user must exist and is always better to use 'localhost' as hostname. So I think that if you check that the user exists and change it to 'localhost' on create view you won't have this error.
Your view, "view_quotes" may have been copied from a different database where "web2vi" is a valid user into a database where "web2vi" is not a valid user.
Either add the "web2vi" user to the database or alter the view (normally removing the DEFINER='web2vi'#'%' part and executing the script will do the trick)
In my case, the table had a trigger with a DEFINER user that didn't exist.
You can change the definer for a specific database to an existing user:
UPDATE mysql.proc SET definer = 'existing_user#localhost' WHERE db = 'database_name';
The problem is clear - MySQL cannot find user specified as the definer.
I encountered this problem after synchronizing database model from development server, applying it to localhost, making changes to the model and then reapplying it to localhost. Apparently there was a view (I modified) defined and so I couldn't update my local version.
How to fix (easily):
Note: it involves deleting so it works just fine for views but make sure you have data backed-up if you try this on tables.
Login to database as root (or whatever has enough power to make changes).
Delete view, table or whatever you are having trouble with.
Synchronize your new model - it will not complain about something that does not exist now. You may want to remove SQL SECURITY DEFINER part from the item definition you had problems with.
P.S. This is neither a proper nor best-all-around fix. I just posted it as a possible (and very simple) solution.
You can try this:
$ mysql -u root -p
> grant all privileges on *.* to `root`#`%` identified by 'password';
> flush privileges;
For me, removing the '' from the DEFINER did the trick.
DEFINER = user#localhost
Go into the edit routine section and and at the bottom, change Security Type from Definer to Invoker.
One or several of your views where created/registered by another user. You'll have to check the owner of the view and:
Recreate the user; as the other answers say.
or
Recreate the views that where created by the user 'web2vi' using ALTER VIEW
I had this problem once.
I was trying to migrate views, from BD1 to BD2, using SQLYog. SQLYog recreated the views in the other DataBase (DB2), but it kept the user of BD1 (they where different). Later I realized that the views I was using in my query were having the same error as you, even when I wasn't creating any view.
Hope this help.
If this is a stored procedure, you can do:
UPDATE `mysql`.`proc` SET definer = 'YournewDefiner' WHERE definer='OldDefinerShownBefore'
But this is not advised.
For me, better solution is to create the definer:
create user 'myuser' identified by 'mypass';
grant all on `mytable`.* to 'myuser' identified by 'mypass';
when mysql.proc is empty, but system always notice "user#192.168.%" for table_name no exist,you just root in mysql command line and type:
CHECK TABLE `database`.`table_name` QUICK FAST MEDIUM CHANGED;
flush privileges;
over!
in my case I had a trigger on that table that I could not update data getting the same error.
MySQL error 1449: The user specified as a definer does not exist
the solution was to delete the triggers on that table and recreate them again, this fixed the issue, since the the trigger was made with another user from another server, and the user name changed on the new server after changing hosting company . that's my 2 cents

NoAccessToProcedureBodies error when executing MySql procedure with CFStoredProc [duplicate]

I am connecting to a MySQL (5.08) database running on a linux machine from a web application running in tomcat.
I get the following exception when I try to execute a stored procedure:
com.hp.hpl.chaos.web.exception.DBException: getNextValue for operatorinstance[Additional Information from SQL Exception][SQLErrorCode: 0 SQLState: S1000
at com.hp.hpl.chaos.web.util.SQLUtil.getNextValue(SQLUtil.java:207)
..............
Caused by: java.sql.SQLException: User does not have access to metadata required to determine stored procedure parameter types. If rights can not be granted, configure connection with "noAccessToProcedureBodies=true" to have driver generate parameters that represent INOUT strings irregardless of actual parameter types.
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:910)
at com.mysql.jdbc.DatabaseMetaData.getCallStmtParameterTypes(DatabaseMetaData.java:1619)
at com.mysql.jdbc.DatabaseMetaData.getProcedureColumns(DatabaseMetaData.java:4034)
at com.mysql.jdbc.CallableStatement.determineParameterTypes(CallableStatement.java:709)
at com.mysql.jdbc.CallableStatement.<init>(CallableStatement.java:513)
at com.mysql.jdbc.Connection.parseCallableStatement(Connection.java:4583)
at com.mysql.jdbc.Connection.prepareCall(Connection.java:4657)
at com.mysql.jdbc.Connection.prepareCall(Connection.java:4631)
at com.hp.hpl.chaos.web.util.SQLUtil.getNextValue(SQLUtil.java:196)
... 17 more
After installing mysql on the machine. I have given the follwing grant options to root
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'pass';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
In the java class..
I am connecting to the db as follows:
String url = "jdbc:mysql://ipaddress:3306/test";
con = DriverManager.getConnection(url,"root", "pass");
I have also tried the url with the noAccessToProcedureBodies=true option included.
Can someone tell me what is wrong here? Is there anything I need to check?
There are two ways to solve this:
set the connection's noAccessToProcedureBodies=true property
For example as part of the connection string:
jdbc:mysql://ipaddress:3306/test?noAccessToProcedureBodies=true
The JDBC driver will then create "INOUT" strings for the arguments without requiring meta data like the exception says.
Grant SELECT privileges on mysql.proc to the database user
For example in the mysql prompt:
GRANT SELECT ON mysql.proc TO 'user'#'localhost';
Of course this would allow the application to read the entire mysql.proc table that contains information about all stored procedures in all databases (including source code).
Following steps worked for me in mysql
Step 1 : add follwong
Connection con = DriverManager.getConnection("jdbc:mysql://ipaddress:3306/logparser?noAccessToProcedureBodies = true ",
"root", "");
Step 2 :
GRANT ALL ON logparser.proc TO root#'%'; where logparser is DB name and proc is procedure name.
Running below queries should fix your issue.
GRANT <SELECT, CREATE, UPDATE, DELETE, ALL> PRIVILEGES ON mysql.proc TO '<user>'#'%';
FLUSH PRIVILEGES;
You can change the definer in the mysql.proc table to your database user.
select * from mysql.proc;
choose the stored proc that has problem and change the definer to 'yourdbuser'#'localhost'.

Query output to a file gives access denied error

I am trying to capture the output of a SQL query in MySQL, to a text file using the following query.
select count(predicate),subject from TableA group by subject into outfile '~/XYZ/output.txt';
I get the following error.
ERROR 1045 (28000): Access denied for user 'username'#'%' (using password: YES)
Any idea, where am I going wrong? Is it some permission related issue?
Outfile is it's own permission in mysql.
If you have ALL it's included.
But if you just have a safe collection such as SELECT, INSERT, UPDATE, DELETE, DROP, CREATE, but not OUTFILE, "into outfile" will not work in queries.
The reason for this is that accessing files from within MySQL, even for write purposes, has certain security risks, because if you access a file from mysql you can access any file the mysql user has access to, thereby bypassing user-based file permissions.
To get around this, you can run your query directly into the output of whatever shell/language you're using to run the sql with.
Here is a *nix example
>$ echo "select count(predicate),subject from TableA group by subject" | mysql -u yourusername -p yourdatabasename > ~/XYZ/outputfile.txt
But do it all on one line without the "\" or use the "\" to escape the line break.
What's happening here is that you're running a query into the mysql client and it's spitting out the result, then you're directing the output to a file. So the file is never called from within mysql, it's called after mysql runs.
So use mysql to get the information and THEN dump the data to the file from your own user shell and you'll be fine.
Or find a way to get yourself the outfile mysql permission, either way.
If it's your system (you're admin), and you know how to secure it, this is how you enable those permissions.
USE mysql;
UPDATE user SET File_priv = 'Y' WHERE User = 'db_user';
FLUSH PRIVILEGES;