privs / user table / "user"@"%" not same as "user"@"localhost"?
Posted by: Elan Ruskin
Date: October 21, 2004 08:19PM

I've been having some trouble with privileges for users I've set up to allow from host "%"; while this permits them to connect from any other *remote* host, it seems not to match programs connecting from localhost.

For example, if I
GRANT SELECT ON *.* TO 'FOO'@'%'

then I can read any table if I connect to the db from any machine in the building -- EXCEPT the one that MySQL is on. If I attempt to connect through the local socket (ie, from the Apache/PHP httpd that runs on the same machine) with the **very same username**, I get -

% mysql -h localhost -u foo
mysql> use whatever;
ERROR 1044 (42000): Access denied for user ''@'localhost' to database 'whatever'

Similarly every entry in the db table has a hostname of "%". The host table is empty.

This leads me to believe that if I have a host field of "%" for a row in the user table, then that will match any *other* machine, but not a client connecting from 'localhost' (as one of our httpd must do). Is this by design? Is there any way to fix it? It is absolutely impractical for us to have both @'%' and @'localhost' versions of every username.

Since the db is behind a firewall and invisible to anyone outside of the organization, we aren't concerned about the security implications of a % hostname.

Many thanks for any help.

Options: ReplyQuote


Subject
Written By
Posted
privs / user table / "user"@"%" not same as "user"@"localhost"?
October 21, 2004 08:19PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.