15 Apr
2014
15 Apr
'14
2:01 p.m.
Hi,
Nope, the Grant option is to allow the user using Grant command itself. A
user with Grant privileges can give to anybody else the same rights he
already possesses, but this GRANT option doesn't come with a "GRANT ALL
PRIVILEGES". See
https://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_grant…
I don't see what you mean by "assign rights to created databases" Jeremie.
If you're using the default parameter which makes mysql bind on 127.0.0.1,
you only need to control who's able to connect to the machine with SSH.
2014-04-15 10:37 GMT+02:00 Jeremie BOUSQUET <jeremie.bousquet(a)gmail.com>om>:
Hello,
I think GRANT right is needed, so xwiki db user can automatically assign
rights to created databases, isn't it ?
You have some ways to improve security, as using a strong password for
xwiki db user, limiting login from this specific server only, etc...
You could also give privilege needed to create new db only when you need it
(ie, you want to create a subwiki), and remove them afterwards (supposing
you control the subwiki creation process).
BR,
Jeremie
2014-04-14 19:17 GMT+02:00 Guillaume Fenollar <
guillaume.fenollar(a)xwiki.com>
:
Hello,
Giving "ALL PRIVILEGES" doesn't give the GRANT option, so basically, if
you
run this command, it will give xwiki user all the
rights, but to that one
only. Beyond that, I don't see how the reload privilege could be
dangerous
at all to give.
The only way to make it more secure is to grant the rights for every
database, one by one.
We used to meet people having issues during wikis creations, because of
lack of privileges, that's why the documentation directly advise to give
all privileges to everything. So of course, you can also pick the
exclusive
rights you want to grant, but since you need to
do that for every
database,
it may be a bit long.
Good luck
Guillaume
2014-04-14 9:43 GMT+02:00 Martin Hamant <mh(a)ow2.org>rg>:
> Hi,
>
> It is mentioned in the documentation "Give all privileges to the xwiki
> user for accessing and creating databases" - because the user to be
able
to
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
create additional databases for sub-wikis ; but
isn't it a little pushy
to
give *all* the privileges (Grant, reload...) to
the xwiki user ?
How could I secure the xwiki mysql user account a little more ?
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users