30 messages in com.mysql.lists.mysqlRE: Any user with 'grant' privilege c...| From | Sent On | Attachments |
|---|---|---|
| Viktor Fougstedt | 09 Jan 2000 13:06 | |
| sin...@mysql.com | 10 Jan 2000 06:15 | |
| Viktor Fougstedt | 10 Jan 2000 06:39 | |
| Viktor Fougstedt | 10 Jan 2000 07:44 | |
| sin...@mysql.com | 10 Jan 2000 07:59 | |
| sin...@mysql.com | 10 Jan 2000 08:20 | |
| Robert Goff | 10 Jan 2000 08:24 | |
| sin...@mysql.com | 10 Jan 2000 08:44 | |
| Viktor Fougstedt | 10 Jan 2000 09:20 | |
| Juan Manuel Doren | 10 Jan 2000 09:22 | |
| Viktor Fougstedt | 10 Jan 2000 09:23 | |
| Viktor Fougstedt | 10 Jan 2000 09:35 | |
| sin...@mysql.com | 10 Jan 2000 09:36 | |
| sin...@mysql.com | 10 Jan 2000 09:41 | |
| Viktor Fougstedt | 10 Jan 2000 09:42 | |
| sin...@mysql.com | 10 Jan 2000 09:46 | |
| Michael Widenius | 10 Jan 2000 11:57 | |
| Benjamin Pflugmann | 10 Jan 2000 11:58 | |
| Michael Widenius | 10 Jan 2000 16:53 | |
| Michael Widenius | 10 Jan 2000 16:56 | |
| Van | 10 Jan 2000 20:13 | |
| Viktor Fougstedt | 11 Jan 2000 03:37 | |
| Michael Widenius | 11 Jan 2000 08:52 | |
| Paul DuBois | 12 Jan 2000 14:33 | |
| Van | 16 Jan 2000 07:26 | |
| sin...@mysql.com | 16 Jan 2000 07:36 | |
| Dylan Neild | 16 Jan 2000 21:05 | |
| Van | 16 Jan 2000 21:12 | |
| Paul DuBois | 17 Jan 2000 08:21 | |
| Michael Widenius | 26 Jan 2000 00:16 |
| Subject: | RE: Any user with 'grant' privilege can change root's password in3.22.27? |
|---|---|
| From: | Viktor Fougstedt (vik...@dtek.chalmers.se) |
| Date: | 01/10/2000 09:42:22 AM |
| List: | com.mysql.lists.mysql |
On Mon, 10 Jan 2000 sin...@mysql.com wrote:
If you are wary with GRANT OPTION , then you will have no problems.
Mysql-root, simply put, has all the rights !!
That I understand. I did not, however, understand that GRANT OPTION meant that you become a mysql-root.
In recent version, granting db rights with GRANT OPTION also gives root privileges to that user.
Ok. Then I understand. May I then humbly suggest that along with the information in the manual that I should set a root password is information that I should remove the 'test' users, since they can change root's password? May I also equally humbly suggest that the name is changed on the 'test'-users, as they are mysql-roots? After all, calling a root-account 'test' is not good for encouraging security. :-)
Your recollections regarding "They only have a grant option for test* databases" are simply wrong, because WITH GRANT OPTION exists on global level only !!!
Ok. What I don't understand is why there is a GRANT column in the db table. If GRANT is a global privilege, does not the GRANT column in the user table cover all possibilities? To me it was very misleading that GRANT on any single database means mysql-root.
I hope this answers all your queries on the subject.
Yes it does. Thank you.
/Viktor...
--| Viktor Fougstedt, system administrator at dtek.chalmers.se |-- --| http://www.dtek.chalmers.se/~viktor/ |-- --| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--