My SQL 5.6.31 is setup on RHEL 7.2 as follows:
I can log in using the root user account as follows:
mysql -u root -p
Enter Password:
I created two normal users (one via my command line and one via my PHP based application)
Normal User Created via Command Line:
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
Normal User Created via my PHP based Web App:
My PHP Web app is just inserting the username into the database (database name: practiceDB) using INSERT INTO command in the code. Say for
example normal user that got created and stored into the database has name peter
Scenario #1:
When I log in into the mysql from the command line using username jeffery and password mypass like the following:
mysql -u jeffery -pmypass
And run the command, show databases, I can see my practiceDB and other default MySQL databases like information_schema.
Scenario #2:
Since one of the normal user (peter) got created by the webapp and is residing in the database (practiceDB), I tried to access from the
commandline the user without using any password as follows:
mysql -u peter
I can get into the mysql command prompt. Infact, forget about specifying the existing username peter in the above commandline.
Even if I specify any thing , I can get into the command prompt. Also, when I checked show databases, I only saw only information_schema database
which is not where my user got stored.
Could anyone tell me why this is happening?
1 Answer 1
When you use CREATE USER, all it does is add a row to mysql.user with host set to localhost, user set to jeffrey or peter, and the password column is filled in. All the DB privileges are defaulted to 'N'.
When you connect, run this:
SHOW GRANTS;
It will simply say GRANT USAGE. That means you can connect, AND NOTHING ELSE !!!
When you login as root, you must now explicitly tell mysqld to give grant privileges at various levels.
EXAMPLES
This will let jeffrey do everything except give away his privileges
GRANT ALL PRIVILEGES ON *.* to 'jeffrey'@'localhost';
This will let jeffrey do everything, including give away his privileges
GRANT ALL PRIVILEGES ON *.* to 'jeffrey'@'localhost' WITH GRANT OPTION;
This will let jeffrey do everything inside a database called jeff
GRANT ALL PRIVILEGES ON jeff.* to 'jeffrey'@'localhost';
Next time you login as root, run the following
DESC mysql.user;
DESC mysql.db;
This will show you what global (mysql.user) and database (mysql.db) privileges look like.
Please read MySQL Documentation on all the grants you can give out to users.
-
Thanks for answer. When I ran
SHOW GRANTSafter logging in asrootuser, I sawGrants for root@localhost | +----------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*829353BIGPASSWORDHEREF977' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTIONTan– Tan2017年01月24日 20:06:57 +00:00Commented Jan 24, 2017 at 20:06 -
Based on your answer, was it supposed to show
GRANT USAGEonly?Tan– Tan2017年01月24日 20:07:42 +00:00Commented Jan 24, 2017 at 20:07 -
Yes. Doing
CREATE USERdoes not give out any grants. So,USAGEis the only grant. You would have to execute GRANT commands on that new user thereafter.RolandoMySQLDBA– RolandoMySQLDBA2017年01月24日 20:09:07 +00:00Commented Jan 24, 2017 at 20:09 -
Thanks. One more question. Suppose I am inserting a user into the database table from PHP , how can I make sure that the user shows up after running the command
select * from mysql.user;. Right now only those users shows up which are created usingCREATE USERcommand. Because of PHP related user insertion usingINSERT INTO DATABASEcommand , I am unable to run grant command.Tan– Tan2017年01月24日 20:25:55 +00:00Commented Jan 24, 2017 at 20:25