Default privileges of a new user?

Default privileges of a new user?

am 02.03.2010 04:33:33 von PengXiaoxun

------=_Part_122647_16815444.1267500813207
Content-Type: text/plain; charset=gbk
Content-Transfer-Encoding: 7bit

I create a new account via the following statement:
CREATE USER 'monty'@'%' IDENTIFIED BY '123456';
Without any privileges granted, the user 'monty' can access the database information_schema via a remote host.
Why?
How can I create a new user without any privileges actually?
------=_Part_122647_16815444.1267500813207--

Re: Default privileges of a new user?

am 02.03.2010 04:41:29 von sureshkumarilu

--000e0cd32874160f7c0480c9242a
Content-Type: text/plain; charset=ISO-8859-1

Information schema is a Virtual DB, the default "usage" grants privilege
will be there so he can see few databases like test, mysql and
Information_schema but cannot access any data.
If you want to restrict the remote connection, Specify the hostname instead
of '%' so users can only connect from that host alone.



--
Thanks
Suresh Kuna
MySQL DBA

2010/3/2 PengXiaoxun

> I create a new account via the following statement:
> CREATE USER 'monty'@'%' IDENTIFIED BY '123456';
> Without any privileges granted, the user 'monty' can access the database
> information_schema via a remote host.
> Why?
> How can I create a new user without any privileges actually?

--000e0cd32874160f7c0480c9242a--

Re: Default privileges of a new user?

am 02.03.2010 06:58:14 von Shawn Green

PengXiaoxun wrote:
> I create a new account via the following statement:
> CREATE USER 'monty'@'%' IDENTIFIED BY '123456';
> Without any privileges granted, the user 'monty' can access the database information_schema via a remote host.
> Why?
> How can I create a new user without any privileges actually?
>

You need to complete your installation by removing the anonymous user
accounts. This is described here in the Installation portion of our manual:
http://dev.mysql.com/doc/refman/5.1/en/default-privileges.ht ml

Then issue the command
SHOW GRANTS FOR 'monty'@'%';
http://dev.mysql.com/doc/refman/5.1/en/show-grants.html

If the only privilege this user has is 'USAGE' then the only privilege
they have is the ability to authenticate with the MySQL instance. This
is a 'no-privileges' account.
http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.h tml#priv_usage

Additional explanation of how MySQL security works is located in the
following sections of Chapter 5 of the manual:
http://dev.mysql.com/doc/refman/5.1/en/security.html
http://dev.mysql.com/doc/refman/5.1/en/privilege-system.html
http://dev.mysql.com/doc/refman/5.1/en/user-account-manageme nt.html

--
Shawn Green
MySQL Principle Technical Support Engineer
Oracle USA, Inc.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org