Chapter 12: MySQL Administration (MySQL Developer's Library, Paul DuBois, 4th Edition)

Upload: taylor-dillard

Post on 16-Mar-2016

47 views

Category:

Documents


0 download

DESCRIPTION

Chapter 12. MySql Administration. Securing a new MySQL Installation. The MySQL installation procedure sets up the server's data directory and populates it with two databases: A mysql database containing the grant tables that control access by clients to the server - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Chapter 12

MySQL Developer's Library, Paul DuBois, 4th Edition

Chapter 12

MySQL Administration

Page 2: Chapter 12

Securing a new MySQL Installation

• The MySQL installation procedure sets up the server's data directory and populates it with two databases:

– A mysql database containing the grant tables that control access by clients to the server

– A test database that can be used for testing purposes

Page 3: Chapter 12

Securing a new MySQL Installation

• The initial installation is not secure, so you should assign passwords to the initial accounts.

Page 4: Chapter 12

• The book's examples assume that the MySQL server runs on a machine with the hostname cobra.snake.net and that you connect to the server from that same machine.

Page 5: Chapter 12

Passwords for Initial MySQL Accounts

• The grant tables in the mysql database are set up during the MySQL installation procedure with two kinds of accounts.

Page 6: Chapter 12

Passwords for Initial MySQL Accounts

• Accounts that have a username of root.

– These are superuser accounts intended for administrative purposes.

– The root accounts have all privileges and can do anything, including deleting all your databases and shutting down the server.

Page 7: Chapter 12

Passwords for Initial MySQL Accounts

• Accounts that have a blank username.

• These are "anonymous" accounts; they enable users to connect to the server without having accounts explicitly set up for them in advance.

– Anonymous users usually are given very few privileges, to limit the scope of what they can do.

Page 8: Chapter 12

User table

• Each entry (row) in the user table contains a Host value that indicates the host from which a user can connect, and User and Password values that indicate the name and password the user must give when connecting from that host.

Page 9: Chapter 12

User table

SELECT Host, User, Password FROM mysql.user;

Page 10: Chapter 12

• The Windows user table entries look like those in the following table.

Page 11: Chapter 12

User table – root access

• These user table account entries enable connections by client programs as follows:

• You can connect as root from the local host. As root, you have all privileges and can perform any operation.

Page 12: Chapter 12

User table – anonymous access

• You can connect anonymously with no username from the local host.

• For current versions of MySQL, this account has no superuser privileges.

• Before MySQL 5.0.36/5.1.16, the account has the same superuser privileges as root and can do anything.

• Revoke the anonymous account's privileges in addition to assigning it a password, or perhaps just delete the account entirely.

Page 13: Chapter 12

Db Table

• Another grant table, the db table, contains privilege information that enables anonymous users to use a particular database on the MySQL server.

Page 14: Chapter 12

Password Assignment

• Connect to the server as root, determine which accounts have no password, and use a SET PASSWORD statement for each one.

• SELECT Host, User FROM mysql.user WHERE Password = '';

Page 15: Chapter 12

SET PASSWORD Statement

• mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('rootpass');

• mysql> SET PASSWORD FOR 'root'@'cobra.snake.net' = PASSWORD('rootpass');

• mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('rootpass');

• mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('anonpass');

• mysql> SET PASSWORD FOR ''@'cobra.snake.net' = PASSWORD('anonpass');

Page 16: Chapter 12

SET PASSWORD – with UPDATE

• An alternative to SET PASSWORD is to modify the user table directly with UPDATE.

• This method can be used to specify a password for all accounts with a given User value, regardless of their Host value, and thus modify multiple accounts simultaneously.

• To set the password for all root accounts and all anonymous-user accounts, use these statements.

Page 17: Chapter 12

• mysql> UPDATE mysql.user SET Password=PASSWORD('rootpass') WHERE User='root';

• mysql> UPDATE mysql.user SET Password=PASSWORD('anonpass') WHERE User='';

• mysql> FLUSH PRIVILEGES;

Page 18: Chapter 12

SET PASSWORD

• SET PASSWORD – the server notices that you've made a change to the grant tables and automatically re-reads them to refresh its in-memory copy of the tables.

• UPDATE – it's necessary to explicitly tell the server to reload the tables.

– Use a FLUSH PRIVILEGES statement following the UPDATE statements.

Page 19: Chapter 12

Check privileges

• mysql> SHOW GRANTS FOR ''@'localhost';

Page 20: Chapter 12

• If the account has no superuser privileges, the output will look like this:

Page 21: Chapter 12

• If the account has superuser privileges, you'll see this instead:

Page 22: Chapter 12

Revoke the account's privileges

• mysql> REVOKE ALL ON *.* FROM ''@'localhost';

• mysql> REVOKE GRANT OPTION ON *.* FROM ''@'localhost';

Page 23: Chapter 12

Delete a user

• mysql> DROP USER ''@'localhost';

• mysql> DROP USER ''@'cobra.snake.net';

Page 24: Chapter 12

• For REVOKE and DROP USER, the server automatically re-reads the grant tables and no FLUSH PRIVILEGES statement is needed.
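The securing procedure from the preceding slides (audit for empty passwords, SET PASSWORD, SHOW GRANTS, REVOKE, DROP USER) collected into one script, as an added example that is not from the book. It assumes the MySQL 5.1-era grant-table layout the slides show (the Password column and the PASSWORD() function) and the slides' hostname cobra.snake.net; the bracketed passwords are placeholders to replace before running it.

```sql
-- Added example (not from the book): securing the initial accounts of a
-- fresh installation, run while connected as root. Assumes the MySQL 5.1-era
-- grant-table layout from the slides (Password column, PASSWORD() function)
-- and the slides' hostname cobra.snake.net. Bracketed passwords are placeholders.

-- 1. Audit: list every account that can still log in with an empty password.
SELECT Host, User FROM mysql.user WHERE Password = '';

-- 2. Give each root account a password. SET PASSWORD makes the server reload
--    the grant tables itself, so no FLUSH PRIVILEGES is needed here.
SET PASSWORD FOR 'root'@'localhost'       = PASSWORD('<root-password>');
SET PASSWORD FOR 'root'@'cobra.snake.net' = PASSWORD('<root-password>');
SET PASSWORD FOR 'root'@'127.0.0.1'       = PASSWORD('<root-password>');

-- 3. Inspect the anonymous account before deciding what to do with it:
--    on servers older than 5.0.36/5.1.16 it may hold the same privileges as root.
SHOW GRANTS FOR ''@'localhost';

-- 4. Option A: keep the anonymous account but strip it of every privilege,
--    including the ability to hand privileges on, and give it a password.
REVOKE ALL ON *.* FROM ''@'localhost';
REVOKE GRANT OPTION ON *.* FROM ''@'localhost';
SET PASSWORD FOR ''@'localhost' = PASSWORD('<anon-password>');

--    Option B (simplest, and what this script ends with): delete the anonymous
--    accounts. REVOKE and DROP USER also make the server reload the tables.
DROP USER ''@'localhost';
DROP USER ''@'cobra.snake.net';

-- 5. Re-run the audit; the result set should now be empty.
SELECT Host, User FROM mysql.user WHERE Password = '';
```

If you set the passwords with UPDATE mysql.user instead of SET PASSWORD, follow the updates with FLUSH PRIVILEGES, as the slides note; the SET PASSWORD, REVOKE and DROP USER statements above need no flush.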

Page 25: Chapter 12

Running the MySQL Server On Windows

• Windows servers provide two types of connections

Page 26: Chapter 12

Running the Server as a Windows Service

• On Windows, any MySQL server can be installed as a Windows service using this command:

• C:\> C:\mysql\bin\mysqld --install

Page 27: Chapter 12

Start or Stop Mysql

• To start or stop the service from the command line, use the following commands:

• C:\> net start MySQL

• C:\> net stop MySQL

Page 28: Chapter 12

Stop Service from Localhost

• Use a host value of 127.0.0.1 rather than localhost:

• % mysqladmin -p -u root --protocol=tcp shutdown

• % mysqladmin -p -u root -h 127.0.0.1 shutdown

Page 29: Chapter 12

Stop Service from Localhost

• 127.0.0.1 is an IP number (it refers to the local host's loopback interface).

• It explicitly forces a TCP/IP connection to be used rather than a socket connection.

Page 30: Chapter 12

Controlling How the Server Listens for Connections

• The default port number is 3306

Page 31: Chapter 12

Named Pipes

• By default the MySQL server will allow connections via TCP/IP from any host (but may reject a connection based on the user's remote hostname/IP address).

• In many cases TCP/IP connectivity is not required and can be disabled to prevent remote access to the MySQL server.

• If you are using MySQL locally for development or for use with a web server, you should disable TCP/IP networking.

Page 32: Chapter 12

Named Pipes – Windows Server

• Named-pipe connections are disabled by default.

• To enable this capability, start the server with the --enable-named-pipe option.

• This enables local clients to connect through the named pipe by specifying the --protocol=pipe option or by connecting to the special hostname "." (period).

• By default, the pipe name is MySQL (not case sensitive).

• To specify a different name, use the --socket option.

Page 33: Chapter 12

Shared memory

• MySQL supports shared-memory connections on Windows, but this capability is disabled by default

Page 34: Chapter 12

Shared Memory

• The following table shows the allowable --protocol option values and indicates the platforms on which each value may be used. The values are not case sensitive.

• On Windows, a shared-memory name can be specified for connections made via shared memory to a local server. The default value is MYSQL. The shared-memory name is case sensitive.

• The server must be started with the --shared-memory option to enable shared-memory connections.

Page 35: Chapter 12

Bind the TCP/IP Address

• In some situations it is not possible to disable TCP/IP networking even when the server will only be needed for requests from localhost.

• Add the following to the [mysqld] section of your server configuration file:

– bind-address=127.0.0.1

• This will cause the MySQL server to respond only to requests from localhost, and ignore all requests from the machine's network interfaces.

• http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html

Page 36: Chapter 12

Managing MySQL User Accounts

• Grant tables in the mysql database

• CREATE USER, DROP USER, and RENAME USER create, remove, and rename MySQL accounts.

• GRANT specifies account privileges (and creates accounts if they do not exist).

• REVOKE removes privileges from existing MySQL accounts.

• SET PASSWORD assigns passwords to existing accounts.

• SHOW GRANTS displays the privileges held by existing accounts.

Page 37: Chapter 12

Grant Table

Page 38: Chapter 12

Grant Table

• You can manipulate the contents of the grant tables directly by issuing SQL statements such as INSERT and UPDATE.

• GRANT and REVOKE make it easier to manage user accounts by acting as a front end to the grant tables.

Page 39: Chapter 12

High-Level MySQL Account Management

• CREATE USER creates a new account and optionally assigns a password:

– CREATE USER account [IDENTIFIED BY 'password'];

– CREATE USER grants no privileges.

• DROP USER removes an existing account:

– DROP USER account;

• RENAME USER changes the name of an existing account:

– RENAME USER from_account TO to_account;

Page 40: Chapter 12

CREATE USER

• Creating an account means answering these questions:

• What is the user's name?

• From which host or hosts should the user be able to connect?

• What is the user's password?

Page 41: Chapter 12

Specifying Account Names

• An account name in CREATE USER consists of a username and hostname in 'user_name'@'host_name' format.

• You specify not only who can connect but from where.

• This enables you to set up separate accounts for two users who have the same name but that connect from different locations.

• MySQL lets you distinguish between them and assign privileges to each one independent of the other.

• The server stores the user_name and host_name values in the User and Host columns of the user table row for the account, and in any other grant table rows associated with the account.

Page 42: Chapter 12

Root access

• There also is nothing special about the name root that is used for the MySQL superuser that can do anything.

Page 43: Chapter 12

User access

• At one extreme, you can limit access to a single host if you know users will be connecting only from that host:

• CREATE USER 'boris'@'localhost' IDENTIFIED BY 'frost';

• CREATE USER 'fred'@'ares.mars.net' IDENTIFIED BY 'steam';

Page 44: Chapter 12

User Access

• Enabling a user to connect only from a single host is the strictest form of access you can allow.

• At the other extreme, you might have a user who travels a lot and needs to be able to connect from hosts all over the world.

• If the user's name is max, you can enable him to connect from anywhere like this:

• CREATE USER 'max'@'%' IDENTIFIED BY 'mist';

Page 45: Chapter 12

User access

• The '%' character functions as a wildcard with the same meaning as in a LIKE pattern match.

• As a hostname specifier, % means "any host."

• This is the easiest way to set up a user, but it's also the least secure.

Page 46: Chapter 12

User access

• To take a middle ground, you can enable a user to connect from a limited set of hosts.

• For example, to enable mary to connect from any host in the snake.net domain, use a host specifier of %.snake.net:

• CREATE USER 'mary'@'%.snake.net' IDENTIFIED BY 'fog';

Page 47: Chapter 12

User access

• The host part of the account value can be given using an IP number rather than a hostname

Page 48: Chapter 12

User access

• CREATE USER 'joe'@'192.168.128.3' IDENTIFIED BY 'water';

• CREATE USER 'ardis'@'192.168.128.%' IDENTIFIED BY 'snow';

• CREATE USER 'rex'@'192.168.128.0/255.255.255.0' IDENTIFIED BY 'ice';

Page 49: Chapter 12

User access

• The first of the statements indicates a specific single address, 192.168.128.3, from which the user can connect.

• The second specifies an IP pattern for the 192.168.128 Class C subnet.

• In the third statement, 192.168.128.0/255.255.255.0 specifies a netmask that has the first 24 bits turned on.

Page 50: Chapter 12

User access

• On Windows, the user can connect by specifying a host value of localhost or 127.0.0.1.

• Both of these connections are made using TCP/IP, except that if the server supports shared-memory connections, a connection to localhost is made using shared memory by default.

Page 51: Chapter 12

Granting Privileges - Syntax

• GRANT privileges (columns)

• ON what

• TO account [IDENTIFIED BY 'password']

• [REQUIRE encryption requirements]

• [WITH grant or resource management options];

Page 52: Chapter 12

Grant

• If the named account exists, GRANT modifies its privileges.

• If the account does not exist, GRANT creates it with the given privileges.

• To avoid the possibility of GRANT creating a new account that has no password (and thus is insecure), enable the NO_AUTO_CREATE_USER SQL mode.

Page 53: Chapter 12

Grant - privileges

• privileges indicates the privileges to assign to the account.

• For example, the SELECT privilege enables a user to issue SELECT statements

• SHUTDOWN privilege enables the user to shut down the server.

• Multiple privileges can be named, separated by commas.

Page 54: Chapter 12

Grant - columns

• columns indicates the columns to which a privilege applies, separated by commas and listed within parentheses.

• This is optional, and you use it only to set up column-specific privileges.

• The column list must follow the name of each privilege to which it applies.

Page 55: Chapter 12

Grant - What

• what indicates the level at which the privileges apply.

• The most powerful level is the global level, for which any given privilege applies to all databases and all tables.

• Global privileges can be thought of as superuser privileges.

• Privileges also can be made database-specific, table-specific, or column-specific.

Page 56: Chapter 12

Grant - account

• account indicates which account is granted the privileges.

• 'user_name'@'host_name'

Page 57: Chapter 12

Grant - password

• Password indicates the password to assign to the account.

• This is optional and is unnecessary if the account already exists and has a password.

• If you include the IDENTIFIED BY clause for an existing account, the new password replaces the current one.

• GRANT encodes the password for you.

Page 58: Chapter 12

Grant - require

• The REQUIRE and WITH clauses are optional.

• REQUIRE is used for setting up accounts that must connect over secure connections using SSL.

• WITH is used to grant the GRANT OPTION privilege that enables the account to give its own privileges to other users.

• WITH also is used to specify resource management options that enable you to place limits on how many connections or statements an account can use per hour.

– These options help you prevent the account from hogging the server.

Page 59: Chapter 12

Questions for Grant Statement

• What type of access should the account be given? That is, what level of privileges should the user have, and what should they apply to?

• Are secure connections required?

• Should the user be allowed to administer privileges?

• Should the user's resource consumption be limited?

• The following sections show how to answer these questions and provide examples that illustrate how to use the various clauses of the GRANT statement.
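An added example, not from the book, that exercises each GRANT clause described above (privilege level, column list, REQUIRE, the two uses of WITH) and the point from "Specifying Account Names" that two accounts sharing a user name but differing by host hold privileges independently of each other. It assumes MySQL 5.1-era syntax as on the slides and that the database and table it names already exist; the database sampdb, its member table and email/phone columns, the ops account and the bracketed passwords are placeholders.

```sql
-- Added example (not from the book). Placeholders: sampdb, its member table
-- with email/phone columns (assumed to exist), the ops account, and the
-- bracketed passwords. Run as an administrative account.

-- Stop GRANT from silently creating a passwordless account if an account
-- name below is mistyped. (This replaces the session's current sql_mode.)
SET SESSION sql_mode = 'NO_AUTO_CREATE_USER';

-- Two accounts, same user name, different hosts. CREATE USER grants nothing.
CREATE USER 'mary'@'localhost'   IDENTIFIED BY '<local-password>';
CREATE USER 'mary'@'%.snake.net' IDENTIFIED BY '<remote-password>';

-- Database level: the local account may read and write one database only.
GRANT SELECT, INSERT, UPDATE, DELETE ON sampdb.* TO 'mary'@'localhost';

-- Table and column level: the remote account may read one table and may
-- change only two of its columns (the column list follows its privilege).
GRANT SELECT ON sampdb.member TO 'mary'@'%.snake.net';
GRANT UPDATE (email, phone) ON sampdb.member TO 'mary'@'%.snake.net';

-- REQUIRE clause: the remote account must connect over SSL. USAGE is the
-- "no privileges" privilege, so this adds nothing but the requirement.
GRANT USAGE ON *.* TO 'mary'@'%.snake.net' REQUIRE SSL;

-- WITH clause, resource limits: cap what the remote account can do per hour.
GRANT USAGE ON *.* TO 'mary'@'%.snake.net'
  WITH MAX_QUERIES_PER_HOUR 500 MAX_CONNECTIONS_PER_HOUR 20;

-- WITH clause, GRANT OPTION: let the local account pass its sampdb SELECT
-- privilege on to others. Reserve this for accounts trusted to administer.
GRANT SELECT ON sampdb.* TO 'mary'@'localhost' WITH GRANT OPTION;

-- Global level: administrative privileges such as SHUTDOWN apply to the whole
-- server, so keep them on a separate account that can only connect locally.
CREATE USER 'ops'@'localhost' IDENTIFIED BY '<ops-password>';
GRANT SHUTDOWN ON *.* TO 'ops'@'localhost';

-- The two mary accounts are independent: compare their privilege lists.
SHOW GRANTS FOR 'mary'@'localhost';
SHOW GRANTS FOR 'mary'@'%.snake.net';

-- REVOKE mirrors GRANT, down to the column list.
REVOKE UPDATE (email, phone) ON sampdb.member FROM 'mary'@'%.snake.net';
```

The two SHOW GRANTS statements are the check worth keeping after any change: each prints only what that one host-qualified account holds, which is how you confirm that a privilege meant for the local account did not land on the remote one.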

Page 60: Chapter 12

Admin Privileges with Grant

Page 61: Chapter 12

Page 62: Chapter 12

Miscellaneous Privileges

• ALL [PRIVILEGES]: all operations (except GRANT)

• USAGE: a special "no privileges" privilege