Bug #18189 LOAD DATA INFILE and SELECT INTO OUTFILE should be different privileges
Submitted: 13 Mar 2006 13:18 Modified: 23 Mar 2006 13:51
Reporter: Rob Blick Email Updates:
Status: Closed Impact on me:
Category:MySQL Server Severity:S4 (Feature request)
Version:5.0.18 OS:Linux (Linux)
Assigned to: CPU Architecture:Any

[13 Mar 2006 13:18] Rob Blick
I suggest separating LOAD DATA INFILE and SELECT INTO OUTFILE into two different privileges (instead of both sitting under the FILE privilege).  It is common for users to need to bulk load data into their databases with LOAD DATA LOCAL INFILE, but no user (other than DBAs/sysadmins) should have access to the filesystem on the database server.  As such, users really have no need for SELECT INTO OUTFILE.  Furthermore, granting them such a privilege is a security/performance risk, as they could execute SELECT INTO OUTFILE and dump data into the mysql directory structure, exhausting space on the server with files they will never be able to access.

How to repeat:
N/A - feature request

Suggested fix:
Split the FILE privilege into two privileges, such as LOAD (which allows LOAD DATA INFILE) and SELECT OUTFILE (which allows SELECT INTO OUTFILE).
[23 Mar 2006 13:51] Rob Blick
After reading the docs more closely, I see that LOAD DATA INFILE is treated separately from LOAD DATA INFILE and SELECT INTO OUTFILE.  The latter require FILE privs, whereas the former does not.  This behavior is correct - my apologies.  Let's close this feature request.