Prevent users creating their own databases

[col69]

Hi,

I've installed 4.0.22 and phpMyAdmin 2.6.0-pl2 and followed the instructions, removed the "guest" accounts. Granted users ALL privs on their own db only, which I created. Globally users just have the USAGE priv, no create priv but users can still create their own databases which I need to prevent. What am I missing ?

Cheers

 

[Bastien]

Don't grant all, grant only what is needed for the app to work. My personal preference is to grant (select, update, insert, connect [,delete if needed])

It really depends on what those users and applications needs to do.

Bastien

Cat, the other other white meat

 

[col69]

Still having a problem, revoke all privs does prevent db creation via mysql monitor but if then grant select,update etc but not create on their database they can still create other new databases.

Weirder still, if revoke all for that user and then login as the user using phpMyAdmin I can create a new database despite having no privs apart from USAGE ??? This has been set up as per phpMyAdmin instructions.

Any ideas - is really possible to create a db for a user, give them privileges to it, but prevent them from creating other new databases ? Example grants would be helpful
Cheers

 

[Bastien]

grant select, update, insert on *.* to 'username' identified by password('some_password');

change the *.* to id a specific db ie test.*

phpmyadmin by default has root privileges (thats the normal account used to admin the db) otherwise adminning the db would be really tough


When privielges are changed, issue the command 'flush privileges' to have the new ones take effect the NEXT time the user logs in

Bastien

Cat, the other other white meat

 

[col69]

Sorry, should have said this is a multi user environment where I want users to be able to admin their own db via phpMyAdmin using their own mysql login but not create any new db's. The docs. not say how to disable this functionality, well apart from hacking the php code

 

[Bastien]

setting phpmyadmin is complex...there is a really good book on this

matering phpmyadmin for effective mysql mgmt
by marc delisle
isbn 1-904811-03-5

chapter 17 talks about this:



Bastien

Cat, the other other white meat

 

[MichealC4]

If I set CREATE, INSERT, UPDATE, ALTER, DELETE, DROP for their database only, phpMyAdmin tells me that the user in question cannot create the database. But it is still possible under MySQL command line. Using latest phpMyAdmin and MySQL 4.1.7, by the way, if that helps you any col69.

----------------------------
"Security is like an onion" - Unknown

 

[ericbrunson]

Be careful, rights for username@localhost, usename@% and username@specific.hosts.com are different.

 

[col69]

Thanks for the tips. Unfortunately, phpMyAdmin version 2.6.0-pl2 doesn't work with mysql-standard-4.1.7 on my platform. Throws error about client incapatiblity, so I'm stuck with 4.0.22. We are using latest PHP as well. Are there any other web admin interfaces similar to phpMyAdmin that I could use in a multi user setup ?

 

[MichealC4]

col69: Was it this error?

Client does not support authentication protocol requested
by server; consider upgrading MySQL client

If so,

http://dev.mysql.com/doc/mysql/en/Old_client.html

I recommend the OLD_PASSWORD fix.

----------------------------
"Security is like an onion" - Unknown