12 Feb
2003
12 Feb
'03
9:11 a.m.
Hi,
Can someone find a reason why the controluser should have rights to the "mysql"
database, as we state in the doc?
We put $userlink (rights of the logged-in user) into $dbh when there is no controluser.
I know that we still need controluser for the Relational stuff, with rights
to pmadb.
Marc
12 Feb
12 Feb
9:44 a.m.
<quote who="Marc Delisle">
Can someone find a reason why the controluser should
have rights to the "mysql"
database, as we state in the doc?
As far as I can see, it is used to define which links shall be available in
main.php3 (see line 177 in this file). It also gets the list of available DBs for
that user in common.lib.php3 (line 778 onwards).
Or did I misunderstand your initial question?
--
Bye,
Garvin.
10 a.m.
Garvin Hicking wrote:
<quote who="Marc Delisle">
In main.php3, $dbh is used to look into the mysql.* tables. But if
not controluser is defined, $dbh will contain $userlink, and, for
PMA_MYSQL_INT_VERSION >= 32304
we then use a SHOW GRANTS to get the information. So with no controluser,
my non-privileged user sees all his databases in the left pane, and he sees
the Create database dialog because he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the MySQL version
where the controluser really needs privs on the mysql db.
Marc
Can someone find a reason why the controluser
should have rights to the "mysql"
database, as we state in the doc?
As far as I can see, it is used to define which links shall be available in
main.php3 (see line 177 in this file). It also gets the list of available DBs for
that user in common.lib.php3 (line 778 onwards).
Or did I misunderstand your initial question?
10:20 a.m.
Hi Marc, Garvin & list,
-----Original Message-----
From: Marc Delisle
In main.php3, $dbh is used to look into the mysql.* tables.
But if not controluser is defined, $dbh will contain
$userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then
use a SHOW GRANTS to get the information. So with no
controluser, my non-privileged user sees all his databases in
the left pane, and he sees the Create database dialog because
he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the
MySQL version where the controluser really needs privs on the
mysql db.
I am glad to see that you have so much trust in my SHOW GRANTS patch,
but it has its limitations:
The problem is that, in order to use SHOW GRANTS, we have to guess the
user's hostname as it appears in the user profile.
For example, you create a user 'foo'(a)'192.168.0.%' and logon as
'foo'(a)'192.168.0.123'2.168.0.123'.
In this case, phpMyAdmin sends these queries:
SHOW GRANTS FOR 'foo'(a)'192.168.0.123'2.168.0.123';
SHOW GRANTS FOR 'foo'@'%';
Both queries fail and MySQL would say that the user does not exist.
The SHOW GRANTS patch only works for users like 'user'@'host' or
'user'@'%' which are the most common ways to define users.
Regards,
Alexander M. Turek
<alex(a)bugfixes.info>
+-----------------------------+
| The phpMyAdmin Project |
| http://www.phpmyadmin.net |
| rabus(a)users.sourceforge.net |
+-----------------------------+
| [bugfixes.info] |
| http://www.bugfixes.info |
| rabus(a)bugfixes.info |
+-----------------------------+
7891
days inactive
7891
days old
3 comments
3 participants
participants (3)
-
Garvin Hicking -
Marc Delisle -
Rabus