MySQL: grant permissions denied for CREATE - mysql

I setup a database & user along with grant permissions how I normally do and I'm still getting access denied and I'm not sure why:
[root#server23 redditonrails]# mysql -u redditonrails -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 431954
Server version: 5.0.45 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> use redditonrails_development;
Database changed
mysql> create table test;
ERROR 1142 (42000): CREATE command denied to user 'redditonrails'#'localhost' for table 'test'
mysql> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for redditonrails#localhost |
+------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'redditonrails'#'localhost' IDENTIFIED BY PASSWORD '*******' |
| GRANT ALL PRIVILEGES ON `redditonrails_test`.`localhost` TO 'redditonrails'#'localhost' |
| GRANT ALL PRIVILEGES ON `redditonrails_development`.`localhost` TO 'redditonrails'#'localhost' |
| GRANT ALL PRIVILEGES ON `redditonrails`.`localhost` TO 'redditonrails'#'localhost' |
+------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)
mysql> SELECT USER(),CURRENT_USER();
+-------------------------+-------------------------+
| USER() | CURRENT_USER() |
+-------------------------+-------------------------+
| redditonrails#localhost | redditonrails#localhost |
+-------------------------+-------------------------+
1 row in set (0.00 sec)

I don't believe your syntax is right. You're specifying:
GRANT ALL PRIVILEGES ON
redditonrails_development.localhost
The expected syntax for db-level GRANT is: ON $db.$table. Based on this, you're only granting on the table named "localhost". Change to:
GRANT ALL PRIVILEGES ON
redditonrails_development.*

It would seem that your user redditonrails has all privilages on
redditonrails_development.localhost
which would mean redditonrails_development database and localhost table. what you want is to have there
redditonrails_development.*
witch would mean you have all privilages on all tables (even the new ones you're trying to create)
or at least that's how I see it.

Related

[HY000][1130] null, message from server: "Unknown error 1130"

Hi if I use mysql itself I can see my tables and databases and I checked the port on the MySQL variables and it was the same as 3306.
I am not sure what's wrong. I also granted privileges to localhost for the user.
Here is a screenshot of what it shows me:
I think I just updated my PhpStorm and now it is not working any more.
mysql> SELECT
-> user
-> FROM
-> mysql.user;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 49
Current database: *** NONE ***
+---------------+
| user |
+---------------+
| imdi_mg2 |
| mysql.session |
| mysql.sys |
| root |
+---------------+
4 rows in set (0.11 sec)
I am not sure why mysql goes away and comes back in the middle
not sure how but grant should be on % not on localhost this was really annoying:
create user 'user'#'%' identified by 'pass'
GRANT ALL PRIVILEGES ON imdi_mg2.* TO 'user'#'%' WITH GRANT OPTION;
there will be people having this issue hopefully helps someone!

How to change SHOW GRANTS Title in MySQL?

I have the following query:
MySQL [Database]> show grants for "user"#"%";
+-----------------------------------------------------------------+
| Grants for user#% |
+-----------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' |
+-----------------------------------------------------------------+
1 row in set (0.00 sec)
Now what I'm trying to do is to alter the Grants for user#% title, but the following statements throw an error:
show grants for "user"#"%" AS TEST;
show grants AS TEST for "user"#"%";
select * from (show grants AS Test for "user"#"%") as SUB;
I want to get the following result somehow:
MySQL [Database]> show grants for "user"#"%" AS TEST;
+-----------------------------------------------------------------+
| TEST |
+-----------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' |
+-----------------------------------------------------------------+
1 row in set (0.00 sec)
The reason why I want to alter the title is, because the PHP framework I'm using, is converting the database query to an object and Grants for user#% would be object variable/field, which I need to call, which is very inconvenient.
If you don't like the result heading of SHOW GRANTS, you can piece together the information from tables in the INFORMATION_SCHEMA:
USER_PRIVILEGES
SCHEMA_PRIVILEGES
TABLE_PRIVILEGES
COLUMN_PRIVILEGES
I'll leave it as an exercise for you to write the SQL query to do that.

Cant login to mysql new user?

I've recently downloaded and started using mysql. I've set it up hopefully correct and my root user also logs in. The mysql service is also running.
I ran the following lines to create a datbase and new user, but I could not log in to my new user. Please help. I don't know what I'm doing wrong.
I've searched for a solution online but get confused as to what is the right steps to follow.
Thank you :)
PS C:\Users\Akhil> mysql -u root -p;
Enter password: *****
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.6.41-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| mytestdb |
| performance_schema |
| sakila |
| test |
| world |
+--------------------+
7 rows in set (0.00 sec)
mysql> use mytestdb
Database changed
mysql> create user myuser identified by 'mypass';
ERROR 1396 (HY000): Operation CREATE USER failed for 'myuser'#'%'
mysql> DROP USER myuser;
Query OK, 0 rows affected (0.00 sec)
mysql> create user myuser identified by 'mypass';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON mytestdb.* TO myuser;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
PS C:\Users\Akhil> mysql -u myuser -p
Enter password: ******
ERROR 1045 (28000): Access denied for user 'myuser'#'localhost' (using password: YES)
PS C:\Users\Akhil>
Why am I getting access denied is beyond me...Help?
I've solved the error. What I did was Login with root user. Then type the following command:-
DROP USER ''#localhost ;
then it worked like a charm!

Issue inserting data into a mysql table using cloudfoundry's vmc utility

I am having issues with user privileges in mysql and cloudfoundry.
I was able to insert data into a table and I am trying to insert data into another table and running into the following issue:
mysql> source /home/julien/Documents/donnees/projets/Site-Rencontres/java/src/main/resources/misc/sql/geolocation.sql
ERROR 1142 (42000): INSERT command denied to user 'uEs8kO1Aqdhlr'#'172.30.49.208' for table 'geolocation'
Can anyone please clarify to me how user privileges work on mysql for cloudfoundry?
EDIT 1: Some info:
+-------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for uEs8kO1Aqdhlr#% |
+-------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'uEs8kO1Aqdhlr'#'%' IDENTIFIED BY PASSWORD '*A826C24476F83F907DC66060E4C2705D92E151ED' WITH MAX_USER_CONNECTIONS 20 |
| GRANT ALL PRIVILEGES ON `de2474fdd53114ebfbb17b3c236676a28`.* TO 'uEs8kO1Aqdhlr'#'%' |
+-------------------------------------------------------------------------------------------------------------------------------------------+
EDIT 2: Some more info:
mysql> select user();
+-----------------------------+
| user() |
+-----------------------------+
| uEs8kO1Aqdhlr#172.30.49.208 |
+-----------------------------+
1 row in set (0.80 sec)
mysql> select current_user();
+-----------------+
| current_user() |
+-----------------+
| uEs8kO1Aqdhlr#% |
+-----------------+
1 row in set (0.85 sec)
EDIT 3: Yet some more info:
I realized that my sql script was referring the wrong schema (here called dummy):
insert into dummy.geolocation
Removing the "dummy." allowed me to run the script without any error. Why this gave me the above error I am not sure. If any one can explain, that would be useful...
CF provisions both the mysql instance as well as a database. Therefore when you bind a mysql service you actually bind the database to your app. If you notice when vmc tunnelling to the mysql service, it gives you the username/password as well as a key called "name", that is the schema name the tunnel is on. Operations against other schemas would be considered out of the CF account used.

MySQL grant ineffective?

Okay, I'm perplexed. I'm getting an "Access denied" error trying to do an update. There's a grant to allow that user to perform an update on that table, but it's being denied anyway. Yes, I've tried "flush properties".
$ mysql -h DBHOST -u DBUSER -p DBNAME
Enter password: ******
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7340
Server version: 5.0.77 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> update user set lastlogin = now() where userid = 1;
ERROR 1227 (42000): Access denied; you need the SUPER privilege for this operation
mysql> show grants for DBUSER;
+--------------------------------------------------------------------------------------+
| Grants for DBUSER#% |
+--------------------------------------------------------------------------------------+
...
| GRANT SELECT, INSERT ON `DBNAME`.`useroldpassword` TO 'DBUSER'#'%' |
...
| GRANT SELECT, INSERT, UPDATE ON `DBNAME`.`user` TO 'DBUSER'#'%' |
...
+--------------------------------------------------------------------------------------+
68 rows in set (0.01 sec)
mysql>
There is a trigger on the table:
CREATE TRIGGER DEFINER=`DEFINER`#`localhost` UserPasswordUpdate BEFORE UPDATE ON User
FOR EACH ROW
BEGIN
DECLARE count int;
IF(NOT NEW.Password<=>OLD.Password) THEN
SELECT count(*) into count FROM UserOldPassword WHERE UserID=NEW.UserID AND Password=NEW.Password;
IF(count != 0) THEN
INSERT INTO Unknown VALUES(1);
END IF;
INSERT INTO UserOldPassword(UserID,PasswordDate,Password) VALUES(NEW.UserID, NOW(), NEW.Password);
SET NEW.LastPasswordChangeDate=NOW();
END IF;
END
Both the executing user (see above) and the stated definer should have permissions to insert into the UserOldPassword table:
mysql> show grants for DEFINER;
+---------------------------------------------------------------------------------+
| Grants for DEFINER#% |
+---------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'DEFINER'#'%' IDENTIFIED BY PASSWORD '...' |
| GRANT ALL PRIVILEGES ON `DBNAME`.* TO 'DEFINER'#'%' |
+---------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for DEFINER#localhost;
+-----------------------------------------------------------------------------------------+
| Grants for DEFINER#localhost |
+-----------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'DEFINER'#'localhost' IDENTIFIED BY PASSWORD '...' |
| GRANT ALL PRIVILEGES ON `DBNAME`.* TO 'DEFINER'#'localhost' |
+-----------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Try:
GRANT SUPER ON `DBNAME`.`user` TO 'DBUSER'#'%'
You probably have a trigger on the table which is why it's not working.
I upgraded from MySQL 5.0.77 to 5.5.15 and now it works fine.
Run this:
mysql> flush privileges;