======================================
Privileges and Permissions for Users
======================================

By "permissions" we refer to the ability of a user to access and change the relevant parts of the host's filesystem, start and stop services, and install software.

By "privileges" we refer to the abilities of a database user to perform different kinds of actions on the database server.

There are many ways to check the permissions on a file or directory. For example, ``ls -ls /path/to/file`` or ``stat /path/to/file | grep Access`` will do the job: ::

  $ stat /etc/mysql | grep Access
  Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
  Access: 2011-05-12 21:19:07.129850437 -0300
  $ ls -ld /etc/mysql/my.cnf
  -rw-r--r-- 1 root root 4703 Apr 5 06:26 /etc/mysql/my.cnf

As in this example, ``my.cnf`` is owned by ``root`` and not writable by anyone else. Assuming that you do not have ``root``'s password, you can check what permissions you have on these types of files with ``sudo -l``: ::

  You may run the following commands on this host:
      (root) NOPASSWD: /etc/init.d/mysqld
      (root) NOPASSWD: /bin/vi /etc/mysql/my.cnf
      (root) NOPASSWD: /usr/local/bin/top
      (root) NOPASSWD: /usr/bin/ls

Being able to run the scripts in ``/etc/init.d/`` or ``/etc/rc.d/``, or ``/sbin/service``, with ``sudo`` gives you the ability to start and stop services.

Also, if you can execute your distribution's package manager, you can install or remove software with it. If not, having ``rwx`` permissions on a directory will let you do a local installation of software by compiling it there. This is a typical situation with many hosting companies' services.
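
As an added example (not part of the original documentation), the shell functions below sort each entry of a ``sudo -l`` listing into the capabilities discussed above: service control, package management, or editing a file as root. The function names and the lists of package managers and editors are assumptions chosen for illustration, and ``/usr/sbin/service`` is accepted alongside the ``/sbin/service`` path named above.

```shell
# Added example: map each `sudo -l` entry to the capability it grants.

# Print a category for one line of `sudo -l` output.
classify_sudo_entry() {
    # Keep only lines of the form "(runas) [TAG:]... command"; drop that prefix.
    cmd=$(printf '%s\n' "$1" |
        sed -nE 's/^[[:space:]]*\([^)]*\)[[:space:]]*([A-Z_]+:[[:space:]]*)*//p')
    read -r prog arg rest <<EOF
$cmd
EOF
    case "$prog" in
        "") echo not-an-entry ;;
        ALL) echo unrestricted ;;
        /etc/init.d/*|/etc/rc.d/*|/sbin/service|/usr/sbin/service)
            echo service-control ;;
        */apt|*/apt-get|*/dpkg|*/yum|*/dnf|*/rpm|*/zypper)
            echo package-manager ;;
        */vi|*/vim|*/nano)
            # An editor run as root: the scope depends on whether a file is pinned.
            if [ -n "$arg" ]; then echo "edit-file:$arg"; else echo edit-any-file; fi ;;
        *) echo other ;;
    esac
}

# Read `sudo -l` output on stdin; print "category<TAB>entry" for each rule.
audit_sudo_list() {
    while IFS= read -r line; do
        kind=$(classify_sudo_entry "$line")
        if [ "$kind" != not-an-entry ]; then
            printf '%s\t%s\n' "$kind" "$line"
        fi
    done
}

# The listing shown above, reproduced as sample input.
sample_sudo_l() {
    cat <<'EOF'
You may run the following commands on this host:
    (root) NOPASSWD: /etc/init.d/mysqld
    (root) NOPASSWD: /bin/vi /etc/mysql/my.cnf
    (root) NOPASSWD: /usr/local/bin/top
    (root) NOPASSWD: /usr/bin/ls
EOF
}

sample_sudo_l | audit_sudo_list
```

On a real host, pipe the live listing in with ``sudo -l | audit_sudo_list``.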

There are other ways of managing permissions, such as *PolicyKit*, *Extended ACLs* or *SELinux*, which may be preventing or allowing your access. You should check them in that case.

At a database server level
--------------------------

To query the privileges that your database user has been granted, at a console of the server execute: ::

or for a particular user with: ::

  mysql> SHOW GRANTS FOR 'db-user'@'host';

It will display the privileges using the same format as for the `GRANT statement <http://dev.mysql.com/doc/refman/5.1/en/show-grants.html>`_.

Note that privileges may vary across versions of the server. To list the exact privileges that your server supports (with a brief description of each), execute: ::

  mysql> SHOW PRIVILEGES;