Adding new users to MySQL Databases
Posted by Steve on Fri 5 Nov 2004 at 16:44
Many webhosting companies will offer people who signup with them a single MySQL database for their use. This would allow their customers to run a single database based application, anything from a DVD database to an online photo gallery.
If you have a server of your own it makes a lot of sense to replicate this setup - for each database application you wish to use create a specific database to hold its data and create a dedicated user to access it.
This means that if the application is vulnerable to a security problem only the single database is compromised.
Other reasons to create new users are to allow other users to share your database - if you have a virtual server for example.
Creating a new database and associated user involves using the mysql client command.
When you install the mysql-server package on Debian you will by default end up with a superuser account setup for the database server root with an empty password.
Hopefully you've changed that afterwards.
If you want to create a new user paul with a database that they have full control over we will run the following commands:
Note that 'mysql>' is the command prompt for the client program mysql, its not something you must type yourself.
# # Connect to the local database server as user root # You will be prompted for a password. # mysql -h localhost -u root -p # # Now we see the 'mysql>' prompt and we can run # the following to create a new database for Paul. # mysql> create database pauldb; Query OK, 1 row affected (0.00 sec) # # Now we create the user paul and give him full # permissions on the new database mysql> grant CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost; Query OK, 0 rows affected (0.00 sec) # # Next we set a password for this new user # mysql> set password for paul = password('mysecretpassword'); Query OK, 0 rows affected (0.00 sec) # # Cleanup and ext mysql> flush privileges; mysql> exit;
Once all this has done you have created a new user with complete control over the contents of the database pauldb - the user can create new tables, delete them and generally use the database.
Note that this new user will have no other access to the server, only the dabase that you gave them permissions on.