I am running several schemas on a single mysql server. One of the schemas has an underscore in its name ("some_name"), and the rest don't. I noticed that in the Admin GUI I am seeing 2 schemas that represent the same one, with one having an escape character before the underscore - so in the schema list I see:
schema1
schema2
some_name
some\_name
schema3
....
I have no idea how it gets there, and though I tried to, I cannot remove/drop it because it doesn't show up when running mysql from the console. The problem arises when I have to grant users permission on both schemas to enable them to access and manipulate data on either. This is really messed up and I am looking to understand how/why this happens and how this could be avoided (other than renaming the schema to remove the underscore). thanks
You might want to check your datadir folder. Any folder/director in your datadir will show up as a database on MySQL even if it is not really a database. I often encounter 'backup' database because we use that folder as backup.
SHOW VARIABLES LIKE 'datadir';
Related
I sort of have a heart attack of a problem. I had a non-root utility user in mysql that used to be able to see all the databases, tables, etc. on the mysql instance. The user was also able to insert records, delete records, create tables, etc. too. This user is used by scripts to edit records, or view the data as someone who's not root via phpmyadmin.
I don't know how Django fits into this or if it was even the cause but a contractor needed access to the db to work on their project we asked them to work on. They said they were using Django and needed to create some auth tables in the database (auth_group, auth_user, auth_user_groups, etc.)
However, after they added their tables for Django, that utility user can't see anything except the "information_schema" database.
Luckily, I checked using the root user in mysql and can see the databases but somehow, I still cant see the databases with the non-root user. I don't see anything that jumps out at me permissions-wise in the "user" table in mysql so I'm not sure how to fix this problem. I want to see what commands the contractor ran to get us into this situation to tell them not to do this again.
I was going to check the .mysql_history file in the unix root user directory but the funny thing is the file is dated from 3 weeks ago so it doesn't look like this will yield any info on what was run.
So, back to my original question, where can I see a history of mysql commands that were run on mysql so I can figure out what happened or what was run to get us into this funny situation?
I'm right now trying to upload a 1.3gig sql text file to phpmyadmin and each time I do it I get the following issue.
my issue
I've already tried splitting the file and editing out the CREATE DATABASE line but each time I try opening it in notepad, notepad++ and emeditor I get a bunch of random characters, clearly there's an issue with the encoding. It's not something I can easily export since another company handles that and I have no access to it. I don't care how my SQL text file is opened, I just need a way to view it and I can't find one.
Thanks for any help you can provide!
ISSUE IS SOLVED!!!
You're trying to create and then write the database named mysql. You Can't Do Thatâ„¢.
You should treat that database, and the information_schema and performance_schema databases, as readonly. They provide ways to retrieve information about the server via SELECT operations. Except in very specific special cases, writing those databases will at best do nothing and at worst trash your server. MySQL tries to prevent you from doing damage by throwing privilege errors when you try to alter those databases.
In a comment you mention that you are confident you can fix an issue with your system via the mysql data base. With respect, that's entirely incorrect.
I've searched for an answer to this and all I can seem to find are questions asking whether it is better to use multiple databases or multiple tables in a single database. This isn't my question though.
QUESTION 1.
I want to set up a new database alongside my current DB and don't know how. I want to give a user full admin access to DB2 without seeing DB1. This way I can host a friend's site and they can create and delete as many tables as they want without disturbing my own DB. I could also use it for demo sites that aren't secure and shouldn't exist inside my primary DB.
I figure I could do this pretty easily with a virtual machine and run a separate instance of MySQL but my resources are limited so that isn't really an option.
I'd like to set this up in one of 2 ways. I would prefer to have "server.example.com" host both DBs and open the proper DB based on user login. If not I could do it routing to server1.example.com and server2.example.com.
QUESTION 2.
If this isn't possible I'd like to know how to properly set up restricted access to a single DB in sequel pro. I have been messing around with it and so far prefer it to PHPMyAdmin. For some reason if I set up a new user with no permissions they have full access to my 'information_schema' and 'test' tables but can't create new tables. I don't want other users to access these tables though and I want them to be able to set up their own tables. I'd like to set it up so a new user can create a limited number of tables and only see and edit those tables. I can't seem to find information on this either.
Even if my first question is possible I'd like to know the answer to question 2. I've been searching for a long time and can't find reliable information anywhere. Maybe my brain is just tired...
You can set up multiple instances of mysql but for your situation you are better off creating different databases within the same instance.
You can create databases and then add users that only have access to manipulate the database they are given and nothing else.
Essentially the heirarchy is as follows:
Mysql (root or any other super user can see everything)
- Your DB
- Your Users
- Your tables/functions/Procedures/etc
- Their DB
- Their Users
- Their tables/functions/procedures/etc.
You basically separate the access for each, and in PHPMyAdmin it is very easy. The steps are:
Add Database )
Add User, restricting them to that database allowing only priveleges you want to give to that user and only to that database. (Guide here)
You can grant access to different database to different user using GRANT in MySQL.
https://dev.mysql.com/doc/refman/5.1/en/grant.html has the information you need.
The most simple you can do is
CREATE DATABASE db_for_user_a
CREATE DATABASE db_for_user_b
GRANT ALL PRIVILEGES ON db_for_user_a.* TO user_a IDENTIFIED BY 'user_a_s_password'
GRANT ALL PRIVILEGES ON db_for_user_b.* TO user_a IDENTIFIED BY 'user_b_s_password'
You are going to need to provide more information about your set up to answer this question of setting up multiple databases specifically.
Servers typically have methods to create multiple databases with software that is designed specifically to run on those platforms (Apache, and Windows server are a couple servers that can run software like WAMP or phpMyAdmin to manage these databases).
And in answer to the permissions: Yes, you can designate users that can have specific privileges on one, both, or neither of the databases. But, you can also set up table-specific roles and actions as well. This is more obvious with Microsoft's management studio though, where Mysql you may want to use something like Mysql Workbench initially.
On cPanel, for example, you can add a new database if your host allows it. On windows, you'll have to use other tools to set up a new database.
In answer to your first inquiry, each database requires its own connection, and there are database-wide operations that you can do such as migration and backups. A rule of thumb is to only keep entirely separate data in different databases, unless there is absolutely a reason to separate types of information into a different kind of database for efficiency. Typically, you do not relate data between different databases except for much more complex situations.
You can create separate databases and use them separately in sequel pro, I believe. Most platforms have an option to create a new db in the databases list.
Well I think I was confusing some stuff here. I apologize for that. I was calling databases 'tables'.
I was wanting to allow users to create new databases but not see the ones that others create. I think I can make this work by just limiting permissions and allowing users to access one or two databases.
It seems like PHPMyAdmin has some easier to use options than Sequel Pro. I've only briefly used it in the past but I'll give it another shot.
As for command line stuff, I love being able to work in command line but I don't know all the commands so it makes things generally difficult to figure out and the man pages weren't all that helpful.
Thank you for your answers and I'm sorry for my newbie questions.
Environment: Ubuntu 11.10, MySQL 5.1.58
I have a small database with views. When I try to dump and restore, I get
ERROR 1356 (HY000) at line 1693: View 'curation2.condition_reference_qrm_v' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
However, I can connect to the partially-restored database and create the view myself. Therefore, I suspect that the error message results from an issue unrelated to the view itself (but rather how it's restored, perhaps).
Here's the simple approach I use to demonstrate the problem:
MYSQL_PWD='xxx' mysqldump -u root --routines -B curation \
| perl -pe 's/`curation`/`curation2`/' \
| MYSQL_PWD='xxx' mysql -u root
There are many other reports online of similar problems. The mysqldump man page has a cryptic note about bugs with backing up views, but it's written as a historical problem rather than a current one.
So, the question is: Can MySQL reliably restore backups that contain views or not? If it can, how? If not, what do people do as a workaround?
Thanks,
Reece
This question is a bit old, but I've just wasted a couple of hours trying to solve the exactly same issue, so I guess a clear explanation could come in handy to someone in the future...
To cut to the chase: The problem is in the DEFINER field in your mysql dump. It looks something like:
/*!50013 DEFINER=`some_user`#`localhost` SQL SECURITY DEFINER */
The problem is that this *some_user#localhost* will always be hardcoded to the user account that was used to create the view in the original DB and NOT the user that you've used to export or import the database as one would expect (or at least I did). And later, during the import, this user will be used to re-create the view.
So you can export/import as root, but if the original DB is running under another user and it has no CREATE VIEW rights in the new database, the import will fail.
You have two simple solutions:
Search and replace all references to some_user#localhost in your dump file with your new user (the one you use to import the dump, e.g. root#localhost)
Or you can grant *some_user* appropriate rights on the new database so that views can be created under his account
Either way will fix the problem, but I think the first approach is way better and cleaner, as you don't have to worry about multiple users in the future.
What I found to solve the problem is to use the 'sql security invoker' when creating the view initially.
create or replace sql security invoker view <VIEW_NAME> as select ...
It defines access to the view by the invoker, and not the definer.
Then when the dump file is loaded, the view is create correctly.
With Amazon RDS:
To make this work with Amazon RDS, which does not allow super priv (which is needed to do the above) one can run this command to on the dump file:
# Remove DEFINER statement from VIEWS in Dump file
sed -i 's/\sDEFINER=`[^`]*`#`[^`]*`//' $DUMPFILE_NAME
Then when the dump file is loaded into an RDS, the view is create correctly.
I found the problem in my case. I'm unsure that it solves similar reports on the web.
This was fundamentally a permission problem that resulted from trying to copy this database to a new name. Permissions didn't exist for this user and schema (locus on curation2). I manually added 'GRANT ALL ON curation2.* TO locus' (locus is the user reported in the error). After doing this, the above command line worked fine.
The lesson is that one must manually grant necessary permissions to the destination database and tables when creating a new database.
Couple of things:
1.) Yes, you can create the views using some client BUT perhaps the owner of the tables is not the owner of the view, which leads to
2.) Usually, doing backups of views in mysql includes some "useless garbage" like
create algorithm xxx definer=<USER> sql security view <view_name> as ....
and that user often includes the IP or machine name the user logged on when creating the view... SO, the view won't create properly. Check that out, might help you.
Recently I started to use Linux (Ubuntu 9.10) instead of windows. I am working on a java web application with Spring, MYSQL with jpa. However, before to install linux I made a backup file from the database, then installed linux, installed the MYSQL Query Browser and Administrator tools, and using the Admin tool restored the backup file, then got all the tables and made a simple select statement from one of the tables and got result normally and everything seems to work just fine.
There a USER table, and there's a namedQuery defined to get a user by userName, the problem is that when I pass a correct userName I still get nothing!
I really don't know what is the problem! The application was working perfectly under windows!
Please, can anyone help me to solve this problem?
Thank you in advance.
The first thing that comes to mind is that MySQL table names are case sensitive on Linux but not on Windows. i.e. this might have worked on Windows:
SELECT ... FROM User ...
but on Linux you need to use the correct case for the table name:
SELECT ... FROM USER ...
but without more information it's really difficult to tell.
There are some settings that have different defaults under Windows and Linux, case sensitivity of table names etc. being one of them. It could be that a non-specified setting defaulted to one value on windows, but another under linux.
You're all right, and for my case I found out why wasn't I able to login passing the userName!
The problem is that when I restore schema from the backup file, all the tables are being created with lower case names, for example, the USER table would be user, then..
When I boot up tomcat, JPA creates automatically all the #Entity, therefore it creates a User tables for the #Entity User, the result is that I have two tables for USER, a user table which has all the data, and an empty User table, and this is the one that is used by the application! That's why I was not able to retrieve any data because actually there's no data to retrieve from the table.
A workaround to solve this problem I modified the backup file renaming all the tables as expected by JPA to avoid creating them again when booting up the application.
I really don't know if there's a better solution, but it worked like this for me.
Finally, thank you very much for your help.