30 messages in com.mysql.lists.mysql RE: Any user with 'grant' privilege c...

| From | Sent On | Attachments |
|---|---|---|
| Viktor Fougstedt | 09 Jan 2000 13:06 | |
| sin...@mysql.com | 10 Jan 2000 06:15 | |
| Viktor Fougstedt | 10 Jan 2000 06:39 | |
| Viktor Fougstedt | 10 Jan 2000 07:44 | |
| sin...@mysql.com | 10 Jan 2000 07:59 | |
| sin...@mysql.com | 10 Jan 2000 08:20 | |
| Robert Goff | 10 Jan 2000 08:24 | |
| sin...@mysql.com | 10 Jan 2000 08:44 | |
| Viktor Fougstedt | 10 Jan 2000 09:20 | |
| Juan Manuel Doren | 10 Jan 2000 09:22 | |
| Viktor Fougstedt | 10 Jan 2000 09:23 | |
| Viktor Fougstedt | 10 Jan 2000 09:35 | |
| sin...@mysql.com | 10 Jan 2000 09:36 | |
| sin...@mysql.com | 10 Jan 2000 09:41 | |
| Viktor Fougstedt | 10 Jan 2000 09:42 | |
| sin...@mysql.com | 10 Jan 2000 09:46 | |
| Michael Widenius | 10 Jan 2000 11:57 | |
| Benjamin Pflugmann | 10 Jan 2000 11:58 | |
| Michael Widenius | 10 Jan 2000 16:53 | |
| Michael Widenius | 10 Jan 2000 16:56 | |
| Van | 10 Jan 2000 20:13 | |
| Viktor Fougstedt | 11 Jan 2000 03:37 | |
| Michael Widenius | 11 Jan 2000 08:52 | |
| Paul DuBois | 12 Jan 2000 14:33 | |
| Van | 16 Jan 2000 07:26 | |
| sin...@mysql.com | 16 Jan 2000 07:36 | |
| Dylan Neild | 16 Jan 2000 21:05 | |
| Van | 16 Jan 2000 21:12 | |
| Paul DuBois | 17 Jan 2000 08:21 | |
| Michael Widenius | 26 Jan 2000 00:16 | |

| Subject: | RE: Any user with 'grant' privilege can change root's password in 3.22.27? |
|---|---|
| From: | Viktor Fougstedt (vik...@dtek.chalmers.se) |
| Date: | 01/10/2000 09:20:08 AM |
| List: | com.mysql.lists.mysql |
On Mon, 10 Jan 2000 sin...@mysql.com wrote:

> Yes, that is exactly what 'WITH GRANT OPTION' is designed for !!!
>
> Update privileges are not important for operations with grant tables. 'WITH GRANT OPTION' is all that is needed.
>
> This is standard ANSI SQL92 behaviour, and most of RDBMS's conform to it !!
Ok, seems I've misunderstood here. I believed that WITH GRANT OPTION meant that I could give away _my_own_ privileges. But WITH GRANT OPTION seems to mean that I can give away _any_ privileges in the entire database, i.e. that I'm a mysql-root.
Why should I be able to change the password of those to whom I give the rights? I'm _not_ talking about a global grant option in the mysql.user table here, but about a grant option on a specific database in the mysql.db-table.
From the manual, section on GRANT:
> In MySQL 3.22.12 or later, if a new user is created or if you have global grant privileges, the user's password will be set to the password specified by the IDENTIFIED BY clause, if one is given. If the user already had a password, it is replaced by the new one.
The test users, as created by the mysql_install_db-script, do not have global grant privileges. There is an 'N' in that column in the mysql.user table. They only have a grant option for test* databases. But they can still update the password of any user in the database, including root. To me that seems wrong.
/Viktor...
--| Viktor Fougstedt, system administrator at dtek.chalmers.se |--
--| http://www.dtek.chalmers.se/~viktor/ |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
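
An audit for the condition described in the message above, added here as an example that is not part of the original post or of MySQL: it lists accounts that have a 'Y' grant option in the mysql.db table without having it in mysql.user. Assumptions: the tables are reduced to the columns involved, the rows are constructed, SQLite stands in for the server, and the exact-match join on Host and User is a simplification of the server's host matching.

```python
import sqlite3

# Constructed stand-ins for the two grant tables named in the post; only the
# columns the audit needs are modelled (the real tables have many more).
SCHEMA = """
CREATE TABLE mysql_user (Host TEXT, User TEXT, Grant_priv TEXT);
CREATE TABLE mysql_db   (Host TEXT, Db TEXT, User TEXT, Grant_priv TEXT);
"""

# Constructed sample rows, not a dump from a real server.
SAMPLE_USER = [
    ("localhost", "root", "Y"),
    ("%", "", "N"),            # anonymous test user: no global grant option
    ("localhost", "app", "N"),
]
SAMPLE_DB = [
    ("%", "test", "", "Y"),            # grant option scoped to test
    ("%", "test\\_%", "", "Y"),        # ... and to test_* databases
    ("localhost", "shop", "app", "N"),
    ("localhost", "mysql", "root", "Y"),
]

# Accounts whose grant option exists only at database level. A db row with no
# matching user row is treated as having no global grant option.
AUDIT_SQL = """
SELECT d.Host, d.User, d.Db
FROM mysql_db AS d
LEFT JOIN mysql_user AS u ON u.Host = d.Host AND u.User = d.User
WHERE d.Grant_priv = 'Y'
  AND COALESCE(u.Grant_priv, 'N') <> 'Y'
ORDER BY d.Host, d.User, d.Db
"""

def db_level_grantors(user_rows, db_rows):
    """Return (Host, User, Db) tuples for accounts that hold a database-level
    grant option without the global one."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO mysql_user VALUES (?, ?, ?)", user_rows)
    con.executemany("INSERT INTO mysql_db VALUES (?, ?, ?, ?)", db_rows)
    rows = con.execute(AUDIT_SQL).fetchall()
    con.close()
    return rows

if __name__ == "__main__":
    for host, user, db in db_level_grantors(SAMPLE_USER, SAMPLE_DB):
        print(f"{user or '<anonymous>'}@{host} has GRANT OPTION on {db}")
```

On a live server the same SELECT would run against mysql.user and mysql.db directly; every account it returns is one whose grant option should be reviewed and, if not needed, revoked.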




