MySQL permission oddity
I have MySQL running on my FBSD box at home, finally. I decided to make a small database for analyzing /var/log/messages, as my system has been under an interested distributed hack attempt lately and I wanted to see if it would actually be useful to try blacklisting the addresses (sometimes over 200 different addresses attempting ssh connections in one day).
To make a long story less long, I made a database "hackers", with one table "attempts". This table has three columns "time_id", "IP_address", and "faileduser_id". If I connect to the database as root, I can see the table and columns correctly. Obviously this is not a good practice so I then made a database account "syslog" and gave it permissions accordingly:
Code:
grant all on hackers to syslog@localhost identified by 'PASSWORD';
So then I connect to the database as syslog:
Code:
> mysql -u syslog -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Code:
mysql> connect hackers;
Current database: hackers
mysql> show tables in hackers;
Empty set (0.00 sec)
|
|||
Instead of
Code:
$ mysql -u syslog -p
Code:
$ env USER=syslog mysql -u syslog -p
I was assuming mysql looks at the environment variable ${USER} to determine which user you are. However http://dev.mysql.com/doc/refman/5.1/en/privileges.html says
Quote:
Does the output of SHOW GRANTS FOR 'syslog' give any clue?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 13th December 2008 at 06:07 PM. Reason: Reasoning added
|
|||
Quote:
Code:
mysql> show grants for 'syslog'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for syslog@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'syslog'@'localhost' IDENTIFIED BY PASSWORD '' |
| GRANT ALL PRIVILEGES ON `hackers`.`hackers` TO 'syslog'@'localhost' |
| GRANT ALL PRIVILEGES ON `hackers`.`demo` TO 'syslog'@'localhost' |
|
|||
Found it...
Looks like the problem was that it was permissions for tables, not databases. In this case, the database was called "hackers" and the table was called "attempts".
AFAIK, there may be no mechanism to grant permissions for entire databases, only for tables within. So then I did
Code:
mysql> grant all on Attempts to syslog@localhost identified by 'varlog';
Query OK, 0 rows affected (0.00 sec)
Code:
mysql> show grants for 'syslog'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for syslog@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'syslog'@'localhost' IDENTIFIED BY PASSWORD '' |
| GRANT ALL PRIVILEGES ON `hackers`.`Attempts` TO 'syslog'@'localhost'
thanks!
|
|||
Quote:
Instead of giving a user all privileges, give him only the privileges that he needs. In fact you will only need the SELECT and INSERT privileges, but if you want to delete or update some data (remove old entries for example) from the database you can add the DELETE and UPDATE privileges.
Quote:
Code:
GRANT SELECT, INSERT, DELETE, UPDATE ON hackers.* TO 'syslog'@'localhost' IDENTIFIED BY 'somepassword';
You can have a look at the MySQL documentation for more information about the GRANT syntax and the different levels of privileges http://dev.mysql.com/doc/refman/5.1/en/grant.html
Also to reduce the number of hackers trying to get into your box via SSH, you could change the port number SSH is listening to - for example some high port number.
__________________
"I never think of the future. It comes soon enough." - A.E
Useful links: FreeBSD Handbook | FreeBSD Developer's Handbook | The Porter's Handbook | PF User's Guide | unix-heaven.org
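An added example, not part of any post in this thread: a small Python audit of SHOW GRANTS output that classifies each grant as global (`*.*`), database (`db.*`) or table (`db.tbl`) and flags the two issues the thread ran into, a table-level grant where a database-level one was meant, and ALL PRIVILEGES where fewer would do. The function names and issue codes are made up for this example, and the default `needed` set is the SELECT and INSERT pair suggested in the last reply.

```python
import re

# One GRANT statement as printed by SHOW GRANTS, which always qualifies the object as db.tbl.
NAME = r"`[^`]+`|\*|\w+"
GRANT_RE = re.compile(
    rf"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>{NAME})\.(?P<tbl>{NAME})"
    r"\s+TO\s+'(?P<user>[^']*)'@'(?P<host>[^']*)'", re.IGNORECASE)

def parse_grant(line):
    """Return privileges, scope and object for one SHOW GRANTS row, or None."""
    m = GRANT_RE.search(line)
    if m is None:
        return None
    db, tbl = m["db"].strip("`"), m["tbl"].strip("`")
    scope = "global" if db == "*" else "database" if tbl == "*" else "table"
    privs = {p.strip().upper() for p in m["privs"].split(",")}
    return {"account": f"{m['user']}@{m['host']}", "privs": privs,
            "scope": scope, "db": db, "tbl": tbl}

def audit(lines, needed=frozenset({"SELECT", "INSERT"})):
    """Flag grants that are mis-scoped or wider than the `needed` set (an assumption)."""
    findings = []
    for line in lines:
        g = parse_grant(line)
        if g is None or g["privs"] == {"USAGE"}:  # USAGE: account exists, no privileges
            continue
        obj = f"{g['db']}.{g['tbl']}"
        # `GRANT ... ON name` (no `.*`) is a table-level grant in the current database,
        # so a table named like its database usually means a database grant was intended.
        if g["scope"] == "table" and g["db"] == g["tbl"]:
            findings.append((obj, "TABLE_NAMED_LIKE_DB"))
        if g["privs"] & {"ALL", "ALL PRIVILEGES"}:
            findings.append((obj, "ALL_PRIVILEGES"))
        elif g["privs"] - needed:
            findings.append((obj, "EXTRA:" + ",".join(sorted(g["privs"] - needed))))
    return findings

# Rows 1-3 are the SHOW GRANTS output posted in the thread; row 4 is constructed.
SAMPLE = [
    "| GRANT USAGE ON *.* TO 'syslog'@'localhost' IDENTIFIED BY PASSWORD '' |",
    "| GRANT ALL PRIVILEGES ON `hackers`.`hackers` TO 'syslog'@'localhost' |",
    "| GRANT ALL PRIVILEGES ON `hackers`.`demo` TO 'syslog'@'localhost' |",
    "| GRANT SELECT, INSERT, UPDATE, DELETE ON `hackers`.* TO 'syslog'@'localhost' |",
]

if __name__ == "__main__":
    for obj, issue in audit(SAMPLE):
        print(f"{obj}: {issue}")
```

Pass `needed=frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})` when the account also prunes old rows, and the constructed `hackers.*` row is no longer reported.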