Bug #54371 | Privileges required to use --events option for mysqldump | ||
---|---|---|---|
Submitted: | 9 Jun 2010 15:32 | Modified: | 10 Jun 2010 12:51 |
Reporter: | Manuel Rüter | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 5.1.44, 5.1.49-bzr | OS: | Linux |
Assigned to: | CPU Architecture: | Any | |
Tags: | events, mysqldump, privileges, show |
[9 Jun 2010 15:32]
Manuel Rüter
[9 Jun 2010 15:52]
Valeriy Kravchuk
Can you, please, provide the results of SHOW GRANTS statement for your user? Look: valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysql -uuser1 -puser1 test Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 18 Server version: 5.1.48-debug Source distribution Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL v2 license Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants; +--------------------------------------------------------------------------------------------------------------+ | Grants for user1@localhost | +--------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*34D3B87A652E7F0D1D371C3DBF28E291705468C4' | | GRANT ALL PRIVILEGES ON `test`.* TO 'user1'@'localhost' | +--------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> exit Bye valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysqldump -uuser1 -puser1 test > /tmp/dump1.sql valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysqldump -uuser1 -puser1 --events test > /tmp/dump1.sql I do not see any problems like yours in this case.
[10 Jun 2010 12:32]
Manuel Rüter
Hello Valeriy, here the information you requested: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 419531 Server version: 5.1.44 Gentoo Linux mysql-5.1.44-r1 Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL v2 license Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants +-----------------------------------------------------------------------------+ | Grants for someuser@172.16.0.0/255.240.0.0 +-----------------------------------------------------+ | GRANT USAGE ON *.* TO 'someuser'@'172.16.0.0/255.240.0.0' IDENTIFIED BY PASSWORD 53616e455442c041' | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `some_db_name`.* TO 'someuser'@'172.16.0.0/255.240.0.0' | As I have written before I receive no error message if the user has the events privilege. This is why it works in your example because you granted ALL PRIVILEGES ON `test`.* TO 'user1'@'localhost' I just think it does not make sense having to grant the events privilege to all users in order to be able to use them with mysqldump. And again, as you can see my user does not have the triggers privilege but I can use the --triggers option with mysqldump without an error. I think it should work in the same way for --events.
[10 Jun 2010 12:51]
Valeriy Kravchuk
You are right: valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysql -uuser1 -puser1 test Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 7 Server version: 5.1.49-debug Source distribution Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL v2 license Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants; +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for user1@localhost | +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '*34D3B87A652E7F0D1D371C3DBF28E291705468C4' | | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `test`.* TO 'user1'@'localhost' | +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> exit Bye valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysqldump -uuser1 -puser1 --triggers test > /tmp/dump1.sql valeriy-kravchuks-macbook-pro:5.1 openxs$ bin/mysqldump -uuser1 -puser1 --events test > /tmp/dump1.sql mysqldump: Couldn't execute 'show events': Access denied for user 'user1'@'localhost' to database 'test' (1044)