Bug #6125 | Different behaviour by windows account ( admin vs. poweruser ) | ||
---|---|---|---|
Submitted: | 16 Oct 2004 7:55 | Modified: | 18 Jul 2006 17:01 |
Reporter: | Jaroslav Uher | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Administrator | Severity: | S2 (Serious) |
Version: | 1.0.13 | OS: | Windows (Windows NT SP6) |
Assigned to: | Michael G. Zinner | CPU Architecture: | Any |
Tags: | Generic |
[16 Oct 2004 7:55]
Jaroslav Uher
[21 Oct 2004 13:39]
Michael G. Zinner
MA needs to access the installed services which are not accessable by a "regular" user. This will not fix. The System Tray Monitor application just needs to read the services. I will check if I can reduce the privileges needed to do only a query of the services.
[1 Feb 2005 11:38]
Andreas Reidies
I can reproduce that behaviour and after logging out what kind of registry access the tray monitor does (using the regmon tool from sysinternals) I found that it requires FULL_ACCESS not only to the service node (HKLM\System\CurrentControlSet\Services\MySQL) BUT also to the root of the services node (HKLM\System\CurrentControlSet\Services). As I understand that FULL_ACCESS to HKLM\System\CurrentControlSet\Services\<MySQL-ServiceName> is REQUIRED, I don't understand the other one. Normally a QUERY_SUBFOLDERS and QUERY_VALUE should have been enough ! A possible solution is: * create a separate USER-GROUP (e.g. MySQL-Admins) and add your "normal" user account (could be PowerUser or User) to it * open the registry with administrative rights and add the FULL CONTROL to the reg-key HKLM\System\CurrentControlSet\Services\<MySQL-ServiceName> for this generated group (take into account that regedit will automatically add the access rights for this folder and all subfolders) * add the FULL CONTROL to the reg-key HKLM\System\CurrentControlSet\Services for your group and take care to give that access right ONLY TO THIS FOLDER (see Advanced options) * add the FULL CONTROL to the reg-key HKLM\Software\MySQL AB (even here: normal READ ACCESS and ENUM_VALUES should be enough for working within a normal user account) After LogOff / On again your normal user will have access to the service instance as usual. To change the instance configuration you will also have write access to the INI file for your MySQL service - take care to allow write and modify rights for group MySQL-Admins for this file also. Btw: I take a look into the sources for MySQL Admin / Querybrowser but as I didn't own Delphi nor have any experience with Delphi programming / libraries (I use VC++ all the time) I'm unable to add a fix for this - but I hope my description clears up those thing a little bit..... Best regard andi
[18 Jul 2006 17:01]
Michael G. Zinner
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release. If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at http://www.mysql.com/doc/en/Installing_source_tree.html