Description:
When I am logged into MySQL using a TCP/IP connection, I am unable to perform the GRANT PROXY command, even though I am logged in as root. However, if I connect to MySQL using the UNIX socket, I am able to successfully run the GRANT PROXY command.
NOTE: I am using the official MySQL container image on the Docker Hub, using Docker Desktop on Windows 10. See reproduction steps for specific details.
How to repeat:
First, spin up a MySQL 8.0.26 container and get an interactive Bash shell inside it.
docker run --name testmysqldeleteme --env MYSQL_ROOT_PASSWORD=123 --detach mysql:8.0.26
docker exec -it testmysqldeleteme bash
-----------------------------------------------------------------------------
Then in the interactive Bash shell:
mysql --user root --password=123 --host 127.0.0.1
In the MySQL shell:
# Enable the check_proxy_users feature
SET GLOBAL check_proxy_users = 1;
# Enable proxy users for the mysql_native_password authentication plugin;
SET GLOBAL mysql_native_password_proxy_users = 1;
# Enable the no-login plugin for MySQL
# https://dev.mysql.com/doc/refman/8.0/en/no-login-pluggable-authentication.html
INSTALL PLUGIN mysql_no_login SONAME 'mysql_no_login.so';
# Create two users
CREATE USER trevor IDENTIFIED WITH mysql_native_password BY 'Trevor123';
CREATE USER trevor_proxy IDENTIFIED WITH mysql_no_login;
# Grant proxy privileges
GRANT PROXY ON trevor_proxy TO trevor;
-----------------------------------------------------------------------------
NOTE: At this point, you should receive:
ERROR 1698 (28000): Access denied for user 'root'@'127.0.0.1'
Suggested fix:
I don't have any fixes to suggest. I am not familiar with the MySQL code base.