How do i grant remote access to one particular mysql table? - mysql

A client wants access from there ip address to a specific mysql table for their CRM program. I am developing the website part and collect data with a form.
Which steps should i make to grant access to a particular mysql table from one ip address and how can i test it?
GRANT ALL PRIVILEGES ON mydatabase.* to jsmith#'69.234.27.102' IDENTIFIED BY 'jimspassword';
can i replace * with the specific table? And how do i test this from my pc?
regards,

Grant privileges:
GRANT ALL PRIVILEGES ON mydatabase.mytable to yourtestuser#'your_ip_address' IDENTIFIED BY 'yourpassword';
Remember to:
FLUSH PRIVILEGES;
after that.
Make MySQL listening for network connections:
In my.cnf:
[mysqld]
port = 3306
Check with:
netstat -lnp
Make sure firewall does not block your connections
iptables-save
Check if everything is OK on network level from your PC with:
telnet mysqlbox_ip 3306
Make sure if there is a user defined in MySQL:
mysql> \u mysql
mysql> select * from user;
Make sure there are table privileges defined:
mysql> select * from tables_priv;

Related

Cant Connect to MySQL over network

I'm in the process of setting up a MySQL server. I set up the server as localhost on port 3306. However I want to be able to access this server over the network. The server has a static IP address. How can I change it from localhost to the static IP address?
I already did this suggestion I found online, and it didn't work:
mysql> GRANT ALL ON *.* to root#'localhost' IDENTIFIED BY 'your-root-password';
mysql> FLUSH PRIVILEGES;
When I try to access it from the server or another PC, I get this error:
Failed to Connect to MySQL at XXXXXX:3306 with user root
HOST 'XXXXXXX' is not allowed to connect to this MySQL server
Thank You.
In addition to the GRANT statement you've already listed above, you also need this one to connect from somewhere other than localhost
GRANT ALL ON *.* to root#'%' IDENTIFIED BY 'your-root-password';
In MySQL land user#somehost is, in practice, a different user than user#some-other-host.

How to migrate mysql from localhost to IP address

I am running mysql in my localhost under the port number 3306. I want to access mysql database remotely. my system has the ip address and i want to use this instead of localhost. Can you please tell me how can i achieve this one.
Have you written some code for it for accessing remote database.
Is there any error??
If you need to access your database remotely then you need to do following
.
Mysql :-
mysql> GRANT ALL ON *.* to root#'localhost' IDENTIFIED BY 'your-root-password';
mysql> FLUSH PRIVILEGES;
This will grant to all users to access database remotely.

MySQL: Access denied for user 'test'#'localhost' (using password: YES) except root user

I am facing problem with mysql non root/admin user, I am following the below steps for creating user and its privileges, correct me if i am doing wrong,
i am installing mysql on RHEL 5.7 64bit, packages are mentioned below, once i done the rpm install we are
creating mysql db using mysql_install_db, then
starting the mysql service then
using mysql_upgrade also we are doing to the server.
After this process i can login as root but with a non-root user I am not able to log into the server:
[root#clustertest3 ~]# rpm -qa | grep MySQL
MySQL-client-advanced-5.5.21-1.rhel5
MySQL-server-advanced-5.5.21-1.rhel5
[root#clustertest3 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root#clustertest3 ~]# ls -ld /var/lib/mysql/mysql.sock
srwxrwxrwx 1 mysql mysql 0 Nov 30 11:09 /var/lib/mysql/mysql.sock
mysql> CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+----------------+----------------+
| USER() | CURRENT_USER() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
[root#clustertest3 ~]# mysql -ugolden -p
Enter password:
ERROR 1045 (28000): Access denied for user 'golden'#'localhost' (using password: YES)
This is the problem I am facing, is there any solution to this?
Do not grant all privileges over all databases to a non-root user, it is not safe (and you already have "root" with that role)
GRANT <privileges> ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This statement creates a new user and grants selected privileges to it.
I.E.:
GRANT INSERT, SELECT, DELETE, UPDATE ON database.* TO 'user'#'localhost' IDENTIFIED BY 'password';
Take a look at the docs to see all privileges detailed
EDIT: you can look for more info with this query (log in as "root"):
select Host, User from mysql.user;
To see what happened
If you are connecting to the MySQL using remote machine(Example workbench) etc., use following steps to eliminate this error on OS where MySQL is installed
mysql -u root -p
CREATE USER '<<username>>'#'%%' IDENTIFIED BY '<<password>>';
GRANT ALL PRIVILEGES ON * . * TO '<<username>>'#'%%';
FLUSH PRIVILEGES;
Try logging into the MYSQL instance.
This worked for me to eliminate this error.
Try:
CREATE USER 'golden'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'localhost';
FLUSH PRIVILEGES;
Or even better use: mysql_setpermission to create the user
It looks like you're trying to make a user 'golden'#'%' but a different user by the name of 'golden'#'localhost' is getting in the way/has precedence.
Do this command to see the users:
SELECT user,host FROM mysql.user;
You should see two entries:
1) user= golden, host=%
2) user= golden, host=localhost
Do these Command:
DROP User 'golden'#'localhost';
DROP User 'golden'#'%';
Restart MySQL Workbench.
Then do your original commands again:
CREATE USER 'golden'#'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'golden'#'%';
Then when you go to try to sign in to MySQL, type it in like this:
Hit 'Test Connection' and enter your password 'password'.
First I created the user using :
CREATE user user#localhost IDENTIFIED BY 'password_txt';
After Googling and seeing this, I updated user's password using :
SET PASSWORD FOR 'user'#'localhost' = PASSWORD('password_txt');
and I could connect afterward.
For anyone else who did all the advice but the problem still persists.
Check for stored procedure and view DEFINERS. Those definers may no longer exists.
My problem showed up when we changed the wildcard host (%) to IP specific, making the database more secure. Unfortunately there are some views that are still using 'user'#'%' even though 'user'#'172....' is technically correct.
I also have the similar problem, and later on I found it is because I changed my hostname (not localhost).
Therefore I get it resolved by specifying the --host=127.0.0.1
mysql -p mydatabase --host=127.0.0.1
According way you create your user, MySQL interprets a different manner. For instance, if you create a user like this:
create user user01 identified by 'test01';
MySQL expects you give some privilege using grant all on <your_db>.* to user01;
Don't forget to flush privileges;
But, if you create user like that (by passing an IP address), you have to change it to:
create user 'user02'#'localhost' identified by 'teste02';
so, to give some privileges you have to do that:
grant all on <your_db>.* to user02#localhost;
flush privileges;
Make sure the user has a localhost entry in the users table. That was the problem I was having. EX:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
For annoying searching getting here after searching for this error message:
Access denied for user 'someuser#somewhere' (using password: YES)
The issue for me was not enclosing the password in quotes. eg. I needed to use -p'password' instead of -ppassword
Try this:
If you have already created your user, you might have created your user with the wrong password.
So drop that user and create another user by doing this.
To see your current users.
SELECT Host,User FROM mysql.user;
To drop the user
DROP User '<your-username>'#'localhost';
After this you can create the user again with the correct password
CREATE USER '<your-username>'#'localhost' IDENTIFIED WITH mysql_native_password BY '<correct password>';
then
FLUSH PRIVILEGES;
You might still run into some more errors with getting access to the database, if you have that error run this.
GRANT ALL PRIVILEGES ON *.* to '<your-username>'#'localhost';
In my case the same error happen because I was trying to use mysql by just typing "mysql" instead of "mysql -u root -p"
connect your server from mysqlworkbench and run this command->
ALTER USER 'root'#'localhost' IDENTIFIED BY 'yourpassword';
The error of ERROR 1045 (28000): Access denied for user might not be always related to privilages problems but to the fact that there is a missing -p at the end of the command:
# Will prompt us a mysql terminal in case there are no privilages issues
mysql -u root -p
# Will fail with the mentioned ERROR 1045
mysql -u root
sometimes,it can just be a wrong password.Kindly remember your passwords including their sensitivity.
I had this issue and something dummy ended up solving.
For some reason "locahost" was not resolving for anything, so using its local IP made it work.
So you would change
mysql -h localhost -P 33061
to:
mysql -h 127.0.0.1 -P 33061
Had a similar issue when trying to grant privileges to an already existing user using the command:
use my-db;
GRANT ALL PRIVILEGES ON my-database.* TO 'my-user'#'%' IDENTIFIED BY 'my-password';
Here's how I solved it:
It had to do with 2 issues:
The password of the already exiting user was different from the password that provided in the GRANT ALL PRIVILEGES command. I had to rerun the GRANT ALL PRIVILEGES with the correct password for the already existing user.
The host name of the database server that I provided when connecting to the database was incorrect. I had created the database and the user on a particular database server and I was trying to connect to another database server different from the database server where the database and the user were created. I had to get the correct database server hostname, and I used it for the connection.
After all this were sorted, I was able to connect to the database using the credentials.
The issue was that my-user already had the privileges I wanted to grant it.
You can check to see the privileges that you've granted your user using:
SHOW GRANTS FOR 'your-user'#'%';
OR
SHOW GRANTS FOR 'your-user'#'localhost';
That's all.
Just add computer name instead of 'localhost' in hostname or MySQL Host address.

Mysql - how to add remote connection IP range?

I have recently started using phpstorm and I'm trying to add data source.
It seems I cannot because my mysql server doesnt accept remote connections.
How do I add IP ranges so it may accept them?
You have to grant privileges to your mysql user for access from your local IP, for example
mysql> GRANT ALL PRIVILEGES
ON database.*
TO 'foo'#'remotehost';
you can also use wildcards (%) to ip or hostname
mysql> GRANT ALL PRIVILEGES
ON database.*
TO 'foo'#'123.123.%.%';
or
mysql> GRANT ALL PRIVILEGES
ON database.*
TO 'foo'#'%.foobar.com';
Refer to the docs for details, below mysql 5.5 refman
http://dev.mysql.com/doc/refman/5.5/en/grant.html#grant-database-privileges

Mysql adding user for remote access

I created user user#'%' with password 'password. But I can not connect with:
mysql_connect('localhost:3306', 'user', 'password');
When I created user user#'localhost', I was able to connect. Why? Doesn't '%' mean from ANY host?
In order to connect remotely, you have to have MySQL bind port 3306 to your machine's IP address in my.cnf. Then you have to have created the user in both localhost and '%' wildcard and grant permissions on all DB's as such . See below:
my.cnf (my.ini on windows)
#Replace xxx with your IP Address
bind-address = xxx.xxx.xxx.xxx
Then:
CREATE USER 'myuser'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'#'%' IDENTIFIED BY 'mypass';
Then:
GRANT ALL ON *.* TO 'myuser'#'localhost';
GRANT ALL ON *.* TO 'myuser'#'%';
FLUSH PRIVILEGES;
Depending on your OS, you may have to open port 3306 to allow remote connections.
Follow instructions (steps 1 to 3 aren't needed in Windows):
Find mysql config to edit:
/etc/mysql/my.cnf (Mysql 5.5)
/etc/mysql/conf.d/mysql.cnf (Mysql 5.6+)
Find bind-address=127.0.0.1 in config file change bind-address=0.0.0.0 (you can set bind address to one of your interface IPs or like me use 0.0.0.0)
Restart mysql service run on console: service mysql restart
Create a user with a safe password for remote connection. To do this run following command in mysql (if you are linux user to reach mysql console run mysql and if you set password for root run mysql -p):
GRANT ALL PRIVILEGES ON *.* TO 'remote'#'%' IDENTIFIED BY 'safe_password' WITH GRANT OPTION;
Now you should have a user with name of user and password of safe_password with capability of remote connect.
for what DB is the user? look at this example
mysql> create database databasename;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on databasename.* to cmsuser#localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
so to return to you question the "%" operator means all computers in your network.
like aspesa shows I'm also sure that you have to create or update a user. look for all your mysql users:
SELECT user,password,host FROM user;
as soon as you got your user set up you should be able to connect like this:
mysql -h localhost -u cmsuser -p
hope it helps
I had used an existing user that had password using mysql_navtive_password
CREATE USER 'sammy'#'remote_server_ip' IDENTIFIED WITH mysql_native_password BY 'password';
Rather than
CREATE USER 'sammy'#'remote_server_ip' IDENTIFIED BY 'password';
thus was not able to connect. Deleting a old one and creating a new without mysql_native_password did the trick
An alternative way is to use MySql Workbench.
Go to Administration -> Users and privileges -> and change 'localhost' with '%' in 'Limit to Host Matching' (From host) attribute for users you wont to give remote access Or create new user ( Add account button ) with '%' on this attribute instead localhost.