MySQL Forums

Minimum privileges to create a user, then a database, and then grant permissions
Posted by: Walter Oney
Date: December 05, 2019 07:24PM

I need to do the following things from a PHP script: create a user (I now understand how), create a database (this was easy), then grant permissions on the new database to the new user. I'd like to do these things as a user with the minimum required privileges -- i.e., not root.

For example, let's suppose I have a user named 'admin' whose privilege set looks like this:

GRANT CREATE, RELOAD, CREATE USER ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
GRANT SELECT, INSERT ON `mysql`.`user` TO 'admin'@'localhost';

The idea is to execute these commands via mysqli_real_query:

CREATE USER `new-user`@`localhost` <etc.>;
CREATE DATABASE fubar;
GRANT ALL ON fubar.* TO admin@localhost; -- so he can populate the database
GRANT ALL ON fubar.* TO `new-user`@localhost; -- so he can take the new database over
USE fubar;
CREATE TABLE <etc.>;
REVOKE ALL ON fubar.* FROM admin@localhost;

The problem is that the GRANT statements require that admin own the privileges he's trying to grant to new-user, but he (circularly) needs ALL access to database 'fubar' in order to grant those self-same privileges! I can't know the names of all possible databases in advance.


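The grantor rule described in the post, as an added example that is not part of the original post and not MySQL's own code: a simplified Python model that checks each step of the posted plan against the 'admin' grants shown there. It covers only global (`*.*`) and database scope, expands ALL for database scope only, and leaves out table-level grants and wildcard database names; the tuple layout and the function names are assumptions of this example.

```python
# Simplified model (an assumption of this example, not MySQL code): GRANT and REVOKE
# need GRANT OPTION plus every named privilege, held at *.* or database scope.
DB_ALL = frozenset({  # what ALL expands to for ON db.*
    "SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "REFERENCES",
    "INDEX", "ALTER", "CREATE TEMPORARY TABLES", "LOCK TABLES", "EXECUTE",
    "CREATE VIEW", "SHOW VIEW", "CREATE ROUTINE", "ALTER ROUTINE", "EVENT",
    "TRIGGER"})

def held(grants, db):
    """Privileges the account holds on `db`, and whether it has GRANT OPTION there."""
    privs, can_grant = set(), False
    for scope, names, grant_option in grants:
        if scope in ("*", db):
            privs |= DB_ALL if "ALL" in names else set(names)
            can_grant = can_grant or grant_option
    return privs, can_grant

def missing(grants, step):
    """Privileges the account lacks for one step; an empty set means allowed."""
    kind, db, names, _grantee = step
    privs, can_grant = held(grants, db)
    lacking = set(DB_ALL if "ALL" in names else names) - privs
    if kind in ("GRANT", "REVOKE") and not can_grant:
        lacking.add("GRANT OPTION")
    return lacking

def audit(grants, plan, me="admin"):
    """Run the plan in order; a GRANT to `me` that succeeds extends my own grants."""
    grants, report = list(grants), []
    for step in plan:
        lacking = missing(grants, step)
        report.append((step[0], step[3], sorted(lacking)))
        if step[0] == "GRANT" and step[3] == me and not lacking:
            grants.append((step[1], step[2], False))
    return report

# The 'admin' grants from the post (the mysql.user table grant is out of scope here).
ADMIN = [("*", {"CREATE", "RELOAD", "CREATE USER"}, True)]
# The plan from the post: (statement, scope, privileges, grantee or None).
PLAN = [
    ("CREATE USER", "*", {"CREATE USER"}, None),
    ("CREATE DATABASE", "fubar", {"CREATE"}, None),
    ("GRANT", "fubar", {"ALL"}, "admin"),
    ("GRANT", "fubar", {"ALL"}, "new-user"),
    ("CREATE TABLE", "fubar", {"CREATE"}, None),
    ("REVOKE", "fubar", {"ALL"}, "admin"),
]
if __name__ == "__main__":
    print(*audit(ADMIN, PLAN), sep="\n")
```

Run against the post's grants, the model allows CREATE USER, CREATE DATABASE and CREATE TABLE and refuses both GRANT ALL statements and the REVOKE, listing the database-level privileges 'admin' would have to hold first.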
