Greeting Everyone
I have a linux box for hosting websites
I wanted to secure some tables from writing and modifying while the others is open for writing
so I came out with an idea to chmod some tables (MYD,MYI,frm) files in /var/lib/mysql/DATABASE
I need to ask if I can do so without breaking mysql database
and which permission I have to add to it?
thanks
As mentioned in my comment, you should use MySQL user accounts for such purpose. You can read more about user accounts at MySQL documentation, however I personally prefer GUI tools for this purpose. My personal favorite is SQLYog which lets you easily define per-table access level for a particular user (and more), especially if you're not familiar with MySQL command line.
Related
Instead of using elfinder to browse files. Can I use elfinder to browse Items from database like MySQL.
I'm working on MVC.net
Thanks
Not with elFinder, no, but you can use other open source tools such as Adminer, which works very nicely. Adminer requires PHP.
https://www.adminer.org/
Note this is for general overall DBA tasks for the person running the site, if your aim is to provide limited access to update and retrieve things out of MySQL for end-users usually people code this up themselves, half the web is app servers querying MySQL for stuff.
I've searched for an answer to this and all I can seem to find are questions asking whether it is better to use multiple databases or multiple tables in a single database. This isn't my question though.
QUESTION 1.
I want to set up a new database alongside my current DB and don't know how. I want to give a user full admin access to DB2 without seeing DB1. This way I can host a friend's site and they can create and delete as many tables as they want without disturbing my own DB. I could also use it for demo sites that aren't secure and shouldn't exist inside my primary DB.
I figure I could do this pretty easily with a virtual machine and run a separate instance of MySQL but my resources are limited so that isn't really an option.
I'd like to set this up in one of 2 ways. I would prefer to have "server.example.com" host both DBs and open the proper DB based on user login. If not I could do it routing to server1.example.com and server2.example.com.
QUESTION 2.
If this isn't possible I'd like to know how to properly set up restricted access to a single DB in sequel pro. I have been messing around with it and so far prefer it to PHPMyAdmin. For some reason if I set up a new user with no permissions they have full access to my 'information_schema' and 'test' tables but can't create new tables. I don't want other users to access these tables though and I want them to be able to set up their own tables. I'd like to set it up so a new user can create a limited number of tables and only see and edit those tables. I can't seem to find information on this either.
Even if my first question is possible I'd like to know the answer to question 2. I've been searching for a long time and can't find reliable information anywhere. Maybe my brain is just tired...
You can set up multiple instances of mysql but for your situation you are better off creating different databases within the same instance.
You can create databases and then add users that only have access to manipulate the database they are given and nothing else.
Essentially the heirarchy is as follows:
Mysql (root or any other super user can see everything)
- Your DB
- Your Users
- Your tables/functions/Procedures/etc
- Their DB
- Their Users
- Their tables/functions/procedures/etc.
You basically separate the access for each, and in PHPMyAdmin it is very easy. The steps are:
Add Database )
Add User, restricting them to that database allowing only priveleges you want to give to that user and only to that database. (Guide here)
You can grant access to different database to different user using GRANT in MySQL.
https://dev.mysql.com/doc/refman/5.1/en/grant.html has the information you need.
The most simple you can do is
CREATE DATABASE db_for_user_a
CREATE DATABASE db_for_user_b
GRANT ALL PRIVILEGES ON db_for_user_a.* TO user_a IDENTIFIED BY 'user_a_s_password'
GRANT ALL PRIVILEGES ON db_for_user_b.* TO user_a IDENTIFIED BY 'user_b_s_password'
You are going to need to provide more information about your set up to answer this question of setting up multiple databases specifically.
Servers typically have methods to create multiple databases with software that is designed specifically to run on those platforms (Apache, and Windows server are a couple servers that can run software like WAMP or phpMyAdmin to manage these databases).
And in answer to the permissions: Yes, you can designate users that can have specific privileges on one, both, or neither of the databases. But, you can also set up table-specific roles and actions as well. This is more obvious with Microsoft's management studio though, where Mysql you may want to use something like Mysql Workbench initially.
On cPanel, for example, you can add a new database if your host allows it. On windows, you'll have to use other tools to set up a new database.
In answer to your first inquiry, each database requires its own connection, and there are database-wide operations that you can do such as migration and backups. A rule of thumb is to only keep entirely separate data in different databases, unless there is absolutely a reason to separate types of information into a different kind of database for efficiency. Typically, you do not relate data between different databases except for much more complex situations.
You can create separate databases and use them separately in sequel pro, I believe. Most platforms have an option to create a new db in the databases list.
Well I think I was confusing some stuff here. I apologize for that. I was calling databases 'tables'.
I was wanting to allow users to create new databases but not see the ones that others create. I think I can make this work by just limiting permissions and allowing users to access one or two databases.
It seems like PHPMyAdmin has some easier to use options than Sequel Pro. I've only briefly used it in the past but I'll give it another shot.
As for command line stuff, I love being able to work in command line but I don't know all the commands so it makes things generally difficult to figure out and the man pages weren't all that helpful.
Thank you for your answers and I'm sorry for my newbie questions.
I'm looking into using CloudBees for some application prototyping. I am using free accounts right now, I am not paying any subscriptions at the moment.
The first step for me is to create a MySQL database to host my application's data. I've done so (and it was pretty easy!). I also use Liquibase to manage the database (I've started this work using local H2 databases for the pre-prototyping), and I've been able to construct everything as expected.
As part of checking whether liquibase created the tables, I brought up the MySQL database in NetBeans. And, it did function well. But I can also see other schemas as well as the schema I just created. They're all innocently named (test, test_6hob). But, I can see the tables and view their data.
My question is around the visibility of the data that's in the CloudBees database. Is the database created for the free accounts viewable to other people connecting to the same machine? Does this change if I use a paid account? Or is it more the nature of how the database was created? I can see other schemas (and their data) but I have no idea if other people can see mine? Is there a permissions-aspect I need to ensure I set? I've fairly ignorant with the inner-workings of MySQL.
While this is a prototype, were I to move into using CloudBees for production applications, I wouldn't want the data to be visible to anyone who happened to connect to the same database as my application. It's entirely possible that I'm missing something in this new cloud world. :)
Thanks for any info
All CloudBees MySQL databases are secured separately (although will be in shared instances unless you have a dedicated server) - they are not readable by any other account by default.
However, it is possible for the database owner to grant access to users from other accounts on that same database server if you really wanted to - even though it makes very little sense to do so (and your special user configuration will be lost during a failover).
So this is what has happened for the test databases that you can see - the database owner has opened up security on those databases / tables.
This question is probably off topic but i'll bite anyway. The database data is private to your account. Actual hardware/vm's maybe shared but the data/database is not.
I have a Microsoft Access Database with an interface for usability ... But now, all users have access to the tables of the database directly. I want to deny this except for those who are authorized i.e.: Password Protect the access to the tables not the GUI.
Unfortunately, there is no "simple" solution for this.
Access has a security-mechanism built in. Note though, that this only works for the "old" mdb format, not for the new accdb format supported by Access 2007/2010. Thus, if you are going this way, you are using a deprecated technology which will might not be supported in future versions.
That said, here is a tutorial found on the Internet. The process is a bit complex; it definitely exceeds the space of a StackOverflow answer:
The Microsoft Access Security Apparatus
If you need a more future-proof solution, I'm afraid your only choice it to move the back-end (= the tables) into another database system, such as SQL Server Express. There, you can restrict access to the tables and grant access to your application by using Application Roles.
If you only want to prevent your users from accidentally messing up your data, it might suffice to install only the Access Runtime instead of the full product. Note, however, that this does not provide security, since a malicious user could simply install the full version of Access!
It's advisable to assign permissions to groups, not to users, because each user inherits the permissions assigned to the group. this might help you
Is there a way to use a MYSQL database without the database management system.. Like use tables offline without installing the db management system on the machine..
If there is can you please point me in the right direction?
Thank you!
As far as I know, there is no way to do this.
However, there is a portable DBMS SQLIte. It comes in different ways and can be used on other platform with different programming languages.
After reading your comment, I'm almost sure, this is what you need.
It's not that fast as MySQL I guess, but it works.
You can use The embedded MySQL Server Library to access MySQL data files without running the MySQL server.
You can setup a database to work on your localhost. This will be offline unless you setup the front-end stuff to let the internet interact with it.
What exactly do you mean "without the database management system"? You always need a way of interacting with it, even if it is offline. (Otherwise how can it work for you?)
The server side piece of the application, mysql-server, is needed at a minumum to run mysql. This server application comes with all the tools built-in to manage the instance. I doubt you can prevent installation of this.
If you've actually opened the table files in a hex or text editor, you'll see that you will definitely need the mysql application installed to make any sense of them to use them. Sure the records are all there in plain text (.myd files for myisam, the ibdata1 file for innodb tables), but it would be a complete time-waster devising a custom app to parse or update the file structure, as well as trying to tie in table structure contained in the related files for each table.