仅具有USAGE特权的新用户就可以删除表(MySQL)
[英]New user with just USAGE previleges was able to drop a table (MySQL)
问题描述
I logged into MySQL from root user. 
我登录到MySQL的root用户。
Ran the command:- 跑命令:
create user new;
Then I logged in as user new. 然后我登录的新用户。 Ran the following commands:- 运行以下命令:
use test;
show grants;
The Output was:- 输出为:-
GRANT USAGE ON *.* TO ''@'LOCALHOST'
As I understand, the new user does not have the drop table permissions or any permissions for that matter (except USAGE) on this table. 据我了解,新用户对此表不具有删除表权限或与此相关的任何权限(USAGE除外)。
However when I run the following:- 但是,当我运行以下命令:
DROP TABLE test_table;
The query is successful. 查询成功。 Could you please explain why is this happening? 您能解释一下为什么会这样吗? How do I disable this user from dropping tables and revoke other permissions from this user. 如何禁止该用户删除表并撤消该用户的其他权限。
Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
0 2012-11-05 17:59:06
According to the manual , there is more you need to consider: 根据手册 ,您还需要考虑以下事项:
SHOW GRANTS displays only the privileges granted explicitly to the named account.
解决方案2
0 2012-11-05 18:04:26
http://dev.mysql.com/doc/refman/5.1/en/create-user.html mentions CREATE USER creates a new row in the mysql.user table and assigns the account no privileges. http://dev.mysql.com/doc/refman/5.1/en/create-user.html提到CREATE USER在mysql.user表中创建新行,并没有为该帐户分配特权。 What do you get when you run SHOW GRANTS FOR CURRENT_USER with user new? 使用新用户运行SHOW GRANTS FOR CURRENT_USER会得到什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.