Information about user privileges is stored in the user, db, host, tables_priv, and columns_priv tables in the mysql database (that is, in the database named mysql). The MySQL server reads the contents of these tables when it starts and under the circumstances indicated in 5.5.2 When Privilege Changes Take Effect.
The names used in this manual to refer to the privileges provided by MySQL version 4.0.2 are shown here, along with the table column name associated with each privilege in the grant tables and the context in which the privilege applies. Further information about the meaning of each privilege may be found at GRANT.
| Privilege | Column | Context |
|---|---|---|
| ALTER | Alter_priv | tables |
| DELETE | Delete_priv | tables |
| INDEX | Index_priv | tables |
| INSERT | Insert_priv | tables |
| SELECT | Select_priv | tables |
| UPDATE | Update_priv | tables |
| CREATE | Create_priv | databases, tables, or indexes |
| DROP | Drop_priv | databases or tables |
| GRANT | Grant_priv | databases or tables |
| REFERENCES | References_priv | databases or tables |
| CREATE TEMPORARY TABLES | Create_tmp_table_priv | server administration |
| EXECUTE | Execute_priv | server administration |
| FILE | File_priv | file access on server |
| LOCK TABLES | Lock_tables_priv | server administration |
| PROCESS | Process_priv | server administration |
| RELOAD | Reload_priv | server administration |
| REPLICATION CLIENT | Repl_client_priv | server administration |
| REPLICATION SLAVE | Repl_slave_priv | server administration |
| SHOW DATABASES | Show_db_priv | server administration |
| SHUTDOWN | Shutdown_priv | server administration |
| SUPER | Super_priv | server administration |
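Because the Column entries above are real column names in the grant tables, the tables can be audited directly. The following query is an added example and is not part of the MySQL manual; it assumes the standard layout in which mysql.user holds the global (server-wide) privileges, with Host and User identifying each account, and it must be run by an account permitted to SELECT from the mysql database. The account name 'reportuser'@'%' in the REVOKE is a hypothetical placeholder.

```sql
-- Added example, not from the MySQL manual.
-- List every account holding a global administrative privilege.
-- Privilege columns store 'Y' or 'N'.
SELECT Host, User,
       Super_priv, File_priv, Process_priv, Shutdown_priv,
       Reload_priv, Grant_priv
  FROM mysql.user
 WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Process_priv = 'Y'
    OR Shutdown_priv = 'Y' OR Reload_priv = 'Y' OR Grant_priv = 'Y'
 ORDER BY User, Host;

-- Accounts that may connect from any host ('%') and also hold FILE
-- deserve a second look: FILE reads any world-readable file the server
-- can reach and writes world-readable files wherever the server can write.
SELECT Host, User
  FROM mysql.user
 WHERE File_priv = 'Y' AND Host = '%';

-- Remove administrative privileges an account does not need.
-- 'reportuser'@'%' is a hypothetical account name.
-- FILE and SUPER are global privileges, so they are revoked ON *.*.
REVOKE FILE, SUPER ON *.* FROM 'reportuser'@'%';
```

A GRANT or REVOKE statement updates the grant tables itself and the server picks the change up without a reload; FLUSH PRIVILEGES (the reload command described later in this section) is required only when the grant tables are modified directly with INSERT, UPDATE, or DELETE.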
The SELECT, INSERT, UPDATE, and DELETE privileges allow you to perform operations on rows in existing tables in a database.

SELECT statements require the SELECT privilege only if they actually retrieve rows from a table. Some SELECT statements do not access tables, so they can be executed even without permission for any of the databases on the server. For example, you can use the mysql client as a simple calculator:

    mysql> SELECT 1+1;
    mysql> SELECT PI()*2;
The INDEX privilege allows you to create or drop (remove) indexes.

The ALTER privilege allows you to use ALTER TABLE.

The CREATE and DROP privileges allow you to create new databases and tables, or to drop (remove) existing databases and tables. Note that if you grant the DROP privilege for the mysql database to a user, that user can drop the database in which the MySQL access privileges are stored!

The GRANT privilege allows you to give to other users those privileges you yourself possess.

The FILE privilege gives you permission to read and write files on the server using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements. Any user to whom this privilege is granted can read any world-readable file accessible by the MySQL server and create a new world-readable file in any directory where the MySQL server can write. The user can also read any file in the current database directory. However, the user cannot change any existing file.
The remaining privileges are used for administrative operations. Many of them can be performed by using the mysqladmin program or by issuing SQL statements. The following table shows which mysqladmin commands each administrative privilege allows you to execute:

| Privilege | Commands permitted to privilege holders |
|---|---|
| RELOAD | refresh, reload, flush-hosts, flush-logs, flush-privileges, flush-status, flush-threads, and flush-tables |
| SHUTDOWN | shutdown |
| PROCESS | processlist |
| SUPER | kill |
The reload command tells the server to re-read the grant tables. The refresh command flushes all tables and opens and closes the log files. flush-privileges is a synonym for reload. The other flush-* commands perform functions similar to refresh but are more limited in scope, and may be preferable in some instances. For example, if you want to flush just the log files, flush-logs is a better choice than refresh.

The shutdown command shuts down the server. This command can be issued only from mysqladmin. There is no corresponding SQL statement.

The processlist command displays information about the threads executing within the server (that is, about the statements that other clients are executing). The kill command kills server threads. You can always display or kill your own threads, but you need the PROCESS privilege to display threads initiated by other users and the SUPER privilege to kill them. See section KILL.
It is a good idea in general to grant privileges only to those users who need them, but you should exercise particular caution in granting administrative privileges:

* The GRANT privilege allows users to give their privileges to other users. Two users with different privileges and with the GRANT privilege are able to combine privileges.

* The ALTER privilege may be used to subvert the privilege system by renaming tables.

* The FILE privilege can be abused to read into a database table any world-readable file on the server host or any file in the server's data directory. The contents of that table can then be accessed using SELECT.

* The SHUTDOWN privilege can be abused to deny service to other users entirely by terminating the server.

* The PROCESS privilege can be used to view the plain text of currently executing queries, including queries that set or change passwords.

* The SUPER privilege can be used to terminate other clients or change how the server operates.

* The mysql database itself can be used to change passwords and other access privilege information. (Passwords are stored encrypted, so a malicious user cannot simply read them to know the plain text password.) If they can access the mysql.user password column, they can use it to log into the MySQL server for the given user. (With sufficient privileges, the same user can replace a password with a different one.)
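The warnings above about DROP on the mysql database, ALTER renaming grant tables, and write or read access to the mysql database all come down to one question: which accounts hold database-level rights on the mysql database? The following query is an added example, not part of the MySQL manual. It reads mysql.db, where the Db column may contain the SQL wildcards % and _, so the match is written as 'mysql' LIKE Db to catch patterns as well as the literal name. The account 'appuser'@'localhost' in the REVOKE statements is a hypothetical placeholder.

```sql
-- Added example, not from the MySQL manual.
-- Accounts with database-level privileges that reach the mysql database.
-- 'mysql' LIKE Db matches both the literal name and wildcard patterns
-- such as '%' or 'my%' that also cover the mysql database.
SELECT Host, Db, User,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Drop_priv, Alter_priv, Grant_priv
  FROM mysql.db
 WHERE 'mysql' LIKE Db
   AND (Select_priv = 'Y' OR Insert_priv = 'Y' OR Update_priv = 'Y'
        OR Delete_priv = 'Y' OR Drop_priv = 'Y' OR Alter_priv = 'Y'
        OR Grant_priv = 'Y')
 ORDER BY User, Host, Db;

-- Strip an application account of all rights on the mysql database.
-- 'appuser'@'localhost' is a hypothetical account name.
-- GRANT OPTION is not covered by ALL PRIVILEGES and must be revoked
-- separately, otherwise Grant_priv stays 'Y' for that database.
REVOKE ALL PRIVILEGES ON mysql.* FROM 'appuser'@'localhost';
REVOKE GRANT OPTION ON mysql.* FROM 'appuser'@'localhost';
```

Global privileges in mysql.user apply to every database, including mysql, so an account that shows nothing in mysql.db may still reach the grant tables through a global SELECT, INSERT, UPDATE, DROP, or ALTER privilege; the first query in this section, run against mysql.user with those columns added, closes that gap.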
There are some things that you cannot do with the MySQL privilege system: