granting file privileges

on 31.07.2011 17:38:39 by Douglas Denault

I have both a theory question and a question on implementation of privileges.
First theory. I have been using:

grant all privileges on db-name.* to user@localhost
identified by 'password';

Because I blunder about as root I never was impacted by 'file' being a global
permission. As 'load infile' seems (to me) to be equivalent to 'insert' I do not
see the reason for this. If it's just a historical thing, so be it, but IMO it
makes little sense that a user could create and/or delete a table but to import
data he is required to convert a csv file to 'insert value' statements.

My implementation question is about specifying the user. Apparently the
following are different:

1) user@localhost
2) 'user@localhost'
3) 'user'@'localhost'

I have not tested all this, but I did grant file privileges to #1 but could not
use them logging in with 'mysql -u doug@localhost sysadmin' ('doug' being
set up without a password).

The question is which form should be used and why are they different as all are
accepted without error and all add entries for the users and db tables.


_____
Douglas Denault
http://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org

Re: granting file privileges

on 31.07.2011 20:04:48 by Claudio Nanni - TomTom

Hi Doug,

1. FILE is GLOBAL because it refers to the ability of the user to read/write
   files on the server host filesystem (where the filesystem permissions
   allow).
2.
   1) user@localhost: OK, not recommended
   2) 'user@localhost': WRONG
   3) 'user'@'localhost': OK, BEST

single quotes prevent any problem in case of special characters in the host
name.

Cheers!

Claudio
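
The difference between the account-name forms and the global scope of FILE, as an added example that is not part of the original thread. The account `app`, the database `appdb` and the password are hypothetical; run it as an administrative user on a test server.

```sql
-- Added example: account names, database and password are hypothetical.

-- Form 3: user and host quoted separately.
-- Creates ONE account: user "app", host "localhost".
CREATE USER 'app'@'localhost' IDENTIFIED BY 'change-me';

-- Form 2: a single quoted string is taken as the user name only and the
-- host defaults to '%'. This creates a DIFFERENT account whose user name
-- is literally "app@localhost" and which may connect from any host.
CREATE USER 'app@localhost' IDENTIFIED BY 'change-me';

-- Database-level grant: covers INSERT, CREATE, DROP, ... inside appdb,
-- but never FILE, because FILE is not a database-level privilege.
GRANT ALL PRIVILEGES ON appdb.* TO 'app'@'localhost';

-- FILE cannot be scoped to a database. The statement below is rejected with
-- ERROR 1221 (Incorrect usage of DB GRANT and GLOBAL PRIVILEGES):
--   GRANT FILE ON appdb.* TO 'app'@'localhost';
-- It can only be granted on *.*, and then applies to every file the server
-- process itself can read or write on the host:
GRANT FILE ON *.* TO 'app'@'localhost';

-- Audit 1: which accounts hold FILE?
SELECT user, host, file_priv
  FROM mysql.user
 WHERE file_priv = 'Y';

-- Audit 2: accounts whose user name contains '@' are almost always the
-- result of form 2 and usually sit on host '%'.
SELECT user, host
  FROM mysql.user
 WHERE user LIKE '%@%';

-- Server-side file operations (LOAD DATA INFILE, SELECT ... INTO OUTFILE,
-- LOAD_FILE()) are confined to this directory when it is set.
SHOW VARIABLES LIKE 'secure_file_priv';

-- Clean up the accidental wildcard account and drop FILE where it is not needed.
DROP USER 'app@localhost'@'%';
REVOKE FILE ON *.* FROM 'app'@'localhost';
```

On the client side, `mysql -u app@localhost` sends the whole string as the user name, so it can only match the form 2 account; connecting as the form 3 account is `mysql -u app -h localhost`. For CSV imports without FILE, `LOAD DATA LOCAL INFILE` reads the file on the client and needs only INSERT on the table.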



Re: granting file privileges

on 31.07.2011 20:21:41 by Douglas Denault

Got it - thank you, I did not think about the meaning of file except as it
relates to MySQL. Re syntax - thanks.
