Bug #21117 Trouble with "create database"
Submitted: 18 Jul 2006 16:06 Modified: 18 Jul 2006 16:32
Reporter: Gerald Gruenberger Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.1.20 OS:Linux (RHEL4)
Assigned to: CPU Architecture:Any

[18 Jul 2006 16:06] Gerald Gruenberger
Description:
I found another case linked with MySQL Bug #17647 
(http://bugs.mysql.com/bug.php?id=17647)

If you have database-rights on "s_mple", you can create
"sample, s1mple, s2mple, somple, ..." too.
The underscore seems to work like a wildcard.

I think this is the same bug as #17647 . OS filesystem feature tricks mysql's rights management.

MySQL-Versions: 4.1.20, 4.0.27
Plattform: Linux

How to repeat:
$ mysql -u root -p
Enter password: 
mysql> create database 's_mple';
mysql> grant all on s_mple.* to 'sample'@'%' identified by 'password';
mysql> \q
$ mysql -h my.mysql.server -u sample -p
mysql> create database s1mple;
Query OK, 1 row affected (0.00 sec)
mysql> create database s2mple;
Query OK, 1 row affected (0.00 sec)
mysql> create database s3mple;
Query OK, 1 row affected (0.00 sec)
mysql> create database s4mple;
Query OK, 1 row affected (0.00 sec)
mysql> create database sample;
Query OK, 1 row affected (0.00 sec)
mysql> create database sxmple;
Query OK, 1 row affected (0.01 sec)

mysql> show databases;
+----------+
| Database |
+----------+
| s1mple   |
| s2mple   |
| s3mple   |
| s4mple   |
| sample   |
| sxmple   |
+----------+
6 rows in set (0.00 sec)
mysql> \q
[18 Jul 2006 16:28] MySQL Verification Team
Thank you for the bug report. I will wait the patch for
http://bugs.mysql.com/bug.php?id=17647 is pushed for to
test this one.
[18 Jul 2006 16:32] Valeriy Kravchuk
Thank you for a problem report. It is not a duplicate of bug #17647. It is not a bug at all, according to the manual (http://dev.mysql.com/doc/refman/4.1/en/request-access.html):

"The wildcard characters ‘%’ and ‘_’ can be used in the Host and Db columns of either table. These have the same meaning as for pattern-matching operations performed with the LIKE operator. If you want to use either character literally when granting privileges, you must escape it with a backslash. For example, to include ‘_’ character as part of a database name, specify it as ‘\_’ in the GRANT statement."