| Bug #2800 | SHOW DATABASES restriction can not coincide with ability to lock tables | ||
|---|---|---|---|
| Submitted: | 14 Feb 2004 20:51 | Modified: | 16 Feb 2004 8:50 |
| Reporter: | Michael Krieger | Email Updates: | |
| Status: | Not a Bug | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 4.0.17 | OS: | Linux (Linux 2.4.x) |
| Assigned to: | Dean Ellis | CPU Architecture: | Any |
[14 Feb 2004 20:57]
Michael Krieger
Please delete this bug. I just realized that lock tables works on a per-table basis, however my frontend wasn't showing that.
[16 Feb 2004 8:50]
Dean Ellis
Not a bug, as noted.
Description: If a user has the LOCK TABLES permission or CREATE TEMPORARY TABLES permission (which can only be set on a global level and not on a per-database level), the show datbases restriction (the lack of the show databases privilege on a global level) will show all databases despite the option being 'N' in the MySQL grant tables. How to repeat: have a user with no global privs ('N') and show databases will show only the databases which permission is granted for. Add the lock tables permission and the system desplays all databases. Suggested fix: these privileges, which reflect whether a user can lock tables on databases they own, should not enable them to see all databases. This is a privacy concern for many shared database servers, as some users may have this privilege. The calculation of the show databases privilege should rely solely on the global 'show databases' privilege in the grant tables or the permission to global databases.