Adding new users to MySQL Databases
Posted by Steve on Fri 5 Nov 2004 at 16:44
Many webhosting companies will offer people who signup with them a single MySQL database for their use. This would allow their customers to run a single database based application, anything from a DVD database to an online photo gallery.
If you have a server of your own it makes a lot of sense to replicate this setup - for each database application you wish to use create a specific database to hold its data and create a dedicated user to access it.
This means that if the application is vulnerable to a security problem only the single database is compromised.
Other reasons to create new users are to allow other users to share your database - if you have a virtual server for example.
Creating a new database and associated user involves using the mysql client command.
When you install the mysql-server package on Debian you will by default end up with a superuser account setup for the database server root with an empty password.
Hopefully you've changed that afterwards.
If you want to create a new user paul with a database that they have full control over we will run the following commands:
Note that 'mysql>' is the command prompt for the client program mysql, its not something you must type yourself.
#
# Connect to the local database server as user root
# You will be prompted for a password.
#
mysql -h localhost -u root -p
#
# Now we see the 'mysql>' prompt and we can run
# the following to create a new database for Paul.
#
mysql> create database pauldb;
Query OK, 1 row affected (0.00 sec)
#
# Now we create the user paul and give him full
# permissions on the new database
mysql> grant CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost;
Query OK, 0 rows affected (0.00 sec)
#
# Next we set a password for this new user
#
mysql> set password for paul = password('mysecretpassword');
Query OK, 0 rows affected (0.00 sec)
#
# Cleanup and ext
mysql> flush privileges;
mysql> exit;
Once all this has done you have created a new user with complete control over the contents of the database pauldb - the user can create new tables, delete them and generally use the database.
Note that this new user will have no other access to the server, only the dabase that you gave them permissions on.
Posted by Anonymous on Tue 30 Nov 2004 at 13:47
If you use
mysql> grant CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost identified by 'secretpassword';
Then you don't need to flush the grant tables.
[ Parent | Reply to this comment ]
Posted by Anonymous (81.170.xx.xx) on Thu 14 Jun 2007 at 02:32
grant CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost;
so fundamental wrong.
Whatif paul want to DROP table he have made?
grant DROP,CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost;
is more nice.
so fundamental wrong.
Whatif paul want to DROP table he have made?
grant DROP,CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost;
is more nice.
[ Parent | Reply to this comment ]
Posted by Anonymous (216.138.xx.xx) on Wed 31 May 2006 at 00:04
instead of this -->
mysql> set password for paul = password('mysecretpassword');
use this command-->
mysql> set password for paul@localhost = password('mysecretpassword');
mysql> set password for paul = password('mysecretpassword');
use this command-->
mysql> set password for paul@localhost = password('mysecretpassword');
[ Parent | Reply to this comment ]
Posted by Anonymous (149.99.xx.xx) on Thu 1 Jun 2006 at 23:52
Sometimes (most of the time, actually) the only thing people really need is to get their heads oriented -- and this usually means working thru some short, simple, focused, crystal-clear introduction to the subject; with copious examples. They certainly don't need the beginning of a user's manual -- which is what they usually get.
This piece here is a good example of that type of time-saver. Job well done! Please continue.
;)
This piece here is a good example of that type of time-saver. Job well done! Please continue.
;)
[ Parent | Reply to this comment ]
Posted by Anonymous (201.37.xx.xx) on Sat 10 Jun 2006 at 02:38
Please consider that tis article is outdated, since with mysql 5 the syntax of the some commands have changed. Please refer to:
http://dev.mysql.com/doc/refman/5.0/en/adding-users.html
http://dev.mysql.com/doc/refman/5.0/en/adding-users.html
[ Parent | Reply to this comment ]
Posted by Anonymous (59.94.xx.xx) on Thu 3 May 2007 at 09:09
I don't know whats the problem, the new user I just created is being denied access by the server for some odd reason.
[ Parent | Reply to this comment ]
Posted by Anonymous (81.170.xx.xx) on Mon 25 Jun 2007 at 02:05
mysql -h localhost -u root -p
mysql> create database paul;
mysql> grant ALL on paul.* to paul@localhost;
mysql> set password for paul = password('foobar');
# 1) This will create a databse named paul
# 2) This grants ALL (all normal stuff) for paul in his database called paul.
# 3) This will set paul's password to foobar.
mysql> exit;
mysql> create database paul;
mysql> grant ALL on paul.* to paul@localhost;
mysql> set password for paul = password('foobar');
# 1) This will create a databse named paul
# 2) This grants ALL (all normal stuff) for paul in his database called paul.
# 3) This will set paul's password to foobar.
mysql> exit;
[ Parent | Reply to this comment ]
Posted by Anonymous (125.22.xx.xx) on Thu 13 Mar 2008 at 07:31
very easy to understand and good
[ Parent | Reply to this comment ]
Posted by Anonymous (64.122.xx.xx) on Wed 9 Jul 2008 at 17:44
I believe you need to change the password line to read as follows:
"SET PASSWORD FOR paul@localhost = PASSWORD('mysecretpassword');
Without the "@localhost" it wouldn't work for me.
"SET PASSWORD FOR paul@localhost = PASSWORD('mysecretpassword');
Without the "@localhost" it wouldn't work for me.
[ Parent | Reply to this comment ]