
Re: [cobalt-users] I'm an idiot - please help me



Hi Phoenix,

> On Sun, 18 Mar 2001, Chris Moreton wrote:
>
> > The weirdest thing I haven't yet figured is that in order to get the MySql
> > daemon to start on reboot I needed to replace the lengthy mysql script in
> > /etc/rc.d/init.d to read simply "safe_mysqld &".  This works fine and from
> > the looks of things the mysql script is a copy of the mysql.server script
> > that comes with the mysql download.
>
>    hmm, what's wrong with the original script?

Nothing. Chris shouldn't delete it, he should make symlinks to at least
rc3.d if so needed.

>    so what do i do?
>    only give the mysql administrator full privileges. give
>    none to the rest of the normal users listed in the
>    "user" table. they don't need it to access their databases;
>    as long as their user name and password is ok, mysql
>    lets them connect successfully.  instead, give the users
>    FULL permissions to their own databases under the table
>    called "db" in the "mysql" database.

Even *that* can be dangerous. Not to your database server, it'll follow
nicely, but to you! ;-)
I've had a "Ohwmagawd, I think I - ehm - might have made a - ehm -
mistake... What does 'drop table X' mean again?" more than once. The drop
privilege is now only handed out to experienced users...

>    (whew, long mail at 2am+ at night, hope i don't do/say anything
>    wrong again... like the du -h --max-depth thing :PPP).

Nope, hit the nail right on the head, AFAIK. :-)

>    suggestion, read this article:
>    http://www.devshed.com/Server_Side/MySQL/Grant_Tables/
>
>    monitor this "place" (or u can subscribe to their newsletters):
>    http://www.devshed.com/Server_Side/MySQL/
>
>    get this free web-based administration tool:
>    http://phpwizard.net/projects/phpMyAdmin/
>    (saves u hours and a lot of typing but needs
>     a little bit of setting up. note: treat all
>     references/links/buttons to "delete" and "drop"
>     like the way you treat "rm -fr")

And make this one your start page in whatever browser you like:
http://www.mysql.com/doc/.

Some few weeks ago, I was advertising for phpMyAdmin as well, and someone
pointed to the GRANT syntax.
Read all about it here: http://www.mysql.com/doc/G/R/GRANT.html.

It turns out that, by trusting phpMyAdmin too much, I forgot to read the
important stuff in the MySQL manual (important stuff which you have
explained very nicely in your post!). Totally my fault, has nothing to do
with phpMyAdmin; it's a great product. This hole in my 'knowledge base'
might have caused quite a stir, had it been abused.

<shame>Let's just say that about a year ago, mysql.user contained some
Y'ses...</shame>

>    learn how to use .htaccess and .htpasswd to protect the
>    web-based admin page above.

But do that before you put phpMyAdmin online. :-)

>    erm... guess that's about it on mysql. will try to come out
>    with a more coherent FAQ-like thing when i'm freer, hopefully
>    this will be of some help to the mysql admins out there... :)

I'm looking forward to your FAQ-like thingy already! :-)

Greetz... Nico
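
The privilege layout discussed in this thread (no global 'Y' flags in mysql.user for ordinary users, per-database rights in mysql.db, DROP withheld), as an added example that is not part of the original e-mail. The account 'alice'@'localhost' and the database shopdb are hypothetical, and the administrator account is assumed to be named root.

```sql
-- Added example; 'alice'@'localhost' and shopdb are hypothetical names.
-- Assumes the administrator account is named root.

-- 1. Audit: non-admin accounts that hold any global privilege
--    (a 'Y' in mysql.user applies to every database on the server).
SELECT User, Host
FROM mysql.user
WHERE User <> 'root'
  AND 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
              Create_priv, Drop_priv, Grant_priv, File_priv,
              Process_priv, Shutdown_priv, Reload_priv);

-- 2. Audit: which accounts may DROP, and in which database
--    (per-database rows live in mysql.db).
SELECT User, Host, Db
FROM mysql.db
WHERE Drop_priv = 'Y';

-- 3. Fix one account: clear its global privileges, then grant rights
--    on its own database only, leaving DROP out of the list.
REVOKE ALL PRIVILEGES ON *.* FROM 'alice'@'localhost';
REVOKE GRANT OPTION ON *.* FROM 'alice'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER
  ON shopdb.* TO 'alice'@'localhost';

-- 4. Confirm what the account ends up with.
SHOW GRANTS FOR 'alice'@'localhost';
```

The account can still connect with its user name and password after step 3; the GRANT statements update the grant tables without a manual FLUSH PRIVILEGES.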