Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

MySQL: Grant Privileges followed by Flush Privileges has not effect, no error (logged in as root)

Tags:

mysql

privileges

remote-access

I and a teammember are stumped because commands to grant privileges to a remote user are failing, but with no error. The new user was successfully added to mysql.user using CREATE USER, but GRANT PRIVILEGES followed by FLUSH PRIVILEGES isn't affecting the grants table. Both these commands are supposed to say 'Query OK. 0 rows affected,' which they do. But then SHOW GRANTS doesn't show the new privileges, nor can we log in with that username from the specified remote ip. Can anyone explain the following behavior?

mysql> SELECT CURRENT_USER();     ///I'm definitely in as root user
+----------------+
| CURRENT_USER() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'myNewUser'@'remoteIP';  //grant to existing user
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS;

 | Grants for root@localhost                                                                                                                   

| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD           '*////TakenOut///' WITH GRANT OPTION |
 | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION                                                                              
2 rows in set (0.00 sec)

I would expect a 3rd row with privileges for 'myNewUser'.

like image 395
devney Avatar asked Dec 27 '22 19:12

devney

1 Answers

The SHOW GRANTS statement shows the grants for the current user. In your case, for root@localhost. So you shouldn't be expecting to see a third row with privileges for myNewUser.

Rather, query the mysql.user table...

SELECT * FROM mysql.user WHERE User = 'myNewUser'

I would verify that the password is set for 'myNewUser'@'remoteip'. (MySQL identifies a "user" by the combination of the username and the host. The user 'myNewUser'@'thisip' is a different user than 'myNewUser'@'thatip'.)

Also, we have this setting in our MySQL my.cnf files:

# Disable DNS Lookup (use IP addresses only)
skip-name-resolve

So we use IP addresses, rather than hostnames. (This avoids the connect problems that occur when DNS can't do a DNS reverse lookup from the IP address to get a hostname.)

http://dev.mysql.com/doc/refman/5.1/en/host-cache.html

Bottom line is that MySQL does a "reverse lookup" of an IP address to get a hostname. If it can't get a hostname for a given IP address, connections from the IP address will fail.

like image 92
spencer7593 Avatar answered Apr 12 '23 23:04

spencer7593
Sign in to Comment

Related questions

MySQL - Getting the top-level parent id in a hierarchy
MySQL drop table
twitter-style follower/following/friend sql query
Why does PDO manual say that SQL injection is still possible with PDO?
MySQL - can't get a left outer join with a count(*) to return the items where count = 0
Why aren't RedBean's transaction functions working?
How to group IP list by subnet in MySQL?
Does using prepared statements in MySQL prevent SQL injection attacks?
Using Prepared Statement in C# with Mysql
What is the advantage of relationships between tables in sql?
insert korean characters to mysql
Error 1054, "Unknown column 'student_info.id' in 'field list'" - Django
Terminal mysql queries
How to check if a table already exists in the database by using MySQL?
MySQL: Group Values
Editing data from MySQL via PHP
MySQL table type for money [duplicate]
Implement different user level views in php [duplicate]
Whats faster file_exists or DB retrieval?
GROUP BY two fields in mysql

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!