Hi,
Can someone find a reason why the controluser should have rights to the "mysql" database, as we state in the doc?
We put $userlink (rights of the logged-in user) into $dbh when there is no controluser.
I know that we still need controluser for the Relational stuff, with rights to pmadb.
Marc
<quote who="Marc Delisle">
Can someone find a reason why the controluser should have rights to the "mysql" database, as we state in the doc?
As far as I can see, it is used to define which links shall be available in main.php3 (see line 177 in this file). It also gets the list of available DBs for that user in common.lib.php3 (line 778 onwards).
Or did I misunderstand your initial question?
Garvin Hicking wrote:
<quote who="Marc Delisle">
Can someone find a reason why the controluser should have rights to the "mysql" database, as we state in the doc?
As far as I can see, it is used to define which links shall be available in main.php3 (see line 177 in this file). It also gets the list of available DBs for that user in common.lib.php3 (line 778 onwards).
Or did I misunderstand your initial question?
In main.php3, $dbh is used to look into the mysql.* tables. But if not controluser is defined, $dbh will contain $userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then use a SHOW GRANTS to get the information. So with no controluser, my non-privileged user sees all his databases in the left pane, and he sees the Create database dialog because he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the MySQL version where the controluser really needs privs on the mysql db.
Marc
Hi Marc, Garvin & list,
-----Original Message----- From: Marc Delisle
In main.php3, $dbh is used to look into the mysql.* tables. But if not controluser is defined, $dbh will contain $userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then use a SHOW GRANTS to get the information. So with no controluser, my non-privileged user sees all his databases in the left pane, and he sees the Create database dialog because he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the MySQL version where the controluser really needs privs on the mysql db.
I am glad to see that you have so much trust in my SHOW GRANTS patch, but it has its limitations: The problem is that, in order to use SHOW GRANTS, we have to guess the user's hostname as it appears in the user profile. For example, you create a user 'foo'@'192.168.0.%' and logon as 'foo'@'192.168.0.123'. In this case, phpMyAdmin sends these queries: SHOW GRANTS FOR 'foo'@'192.168.0.123'; SHOW GRANTS FOR 'foo'@'%'; Both queries fail and MySQL would say that the user does not exist.
The SHOW GRANTS patch only works for users like 'user'@'host' or 'user'@'%' which are the most common ways to define users.
Regards,
Alexander M. Turek alex@bugfixes.info
+-----------------------------+ | The phpMyAdmin Project | | http://www.phpmyadmin.net | | rabus@users.sourceforge.net | +-----------------------------+ | [bugfixes.info] | | http://www.bugfixes.info | | rabus@bugfixes.info | +-----------------------------+
-
Garvin Hicking -
Marc Delisle -
Rabus