[Phpmyadmin-devel] rights of the controluser

Rabus rabus at bugfixes.info
Wed Feb 12 07:20:02 CET 2003

Hi Marc, Garvin & list,

-----Original Message-----
From: Marc Delisle
> In main.php3, $dbh is used to look into the mysql.* tables.
> But if not controluser is defined, $dbh will contain
> $userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then
> use a SHOW GRANTS to get the information. So with no
> controluser, my non-privileged user sees all his databases in
> the left pane, and he sees the Create database dialog because
> he has a wildcard db CREATE priv.
> So maybe we should rephrase in the doc, to talk about the
> MySQL version where the controluser really needs privs on the
> mysql db.

I am glad to see that you have so much trust in my SHOW GRANTS patch,
but it has its limitations:
The problem is that, in order to use SHOW GRANTS, we have to guess the
user's hostname as it appears in the user profile.
For example, you create a user 'foo'@'192.168.0.%' and logon as
In this case, phpMyAdmin sends these queries:
  SHOW GRANTS FOR 'foo'@'';
  SHOW GRANTS FOR 'foo'@'%';
Both queries fail and MySQL would say that the user does not exist.

The SHOW GRANTS patch only works for users like 'user'@'host' or
'user'@'%' which are the most common ways to define users.


Alexander M. Turek
<alex at bugfixes.info>

| The phpMyAdmin Project      |
| http://www.phpmyadmin.net   |
| rabus at users.sourceforge.net |
| [bugfixes.info]             |
| http://www.bugfixes.info    |
| rabus at bugfixes.info         |

More information about the Developers mailing list