No MySQL Sandbox user seems to have WITH GRANT OPTION
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MySQL Sandbox |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I'm looking at The MySQL Sandbox, version 3.0.66 and notice the grants for make_replicatio
which are under .../rsandbox_
...
grant all on *.* to msandbox@'127.%' identified by 'msandbox';
grant all on *.* to msandbox@
...
This is the "super" user.
However, I notice that there is now WITH GRANT OPTION specified.
This means I am unable to add grants for new user users as part of a test infrastructure with MaxScale and MySQL as new grants are needed and I want to apply them on the master and let them replicate down to the slaves. This does not work with the current setup.
The error I get when I try this is:
$ ~/sandboxes/
master [localhost] {msandbox} ((none)) > create user 'some_user'@'127.%' identified by 'something';
Query OK, 0 rows affected (0.01 sec)
master [localhost] {msandbox} ((none)) > grant select on test.* to 'some_user'
ERROR 1044 (42000): Access denied for user 'msandbox'
master [localhost] {msandbox} ((none)) > show grants;
+------
| Grants for msandbox@localhost |
+------
| GRANT ALL PRIVILEGES ON *.* TO 'msandbox'
+------
1 row in set (0.00 sec)
master [localhost] {msandbox} ((none)) > select @@version;
+------------+
| @@version |
+------------+
| 5.6.26-log |
+------------+
1 row in set (0.00 sec)
My normal root type user (not using MySQL sandbox) has grants like this:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;
Note: My intention here is to _replicate_ grants as this works fine and avoids me setting up grants on the master + 2 slaves in this case.
So please consider changing the grants file along these lines:
[~/sandboxes/
--- grants.mysql.orig 2015-08-18 13:08:20.000000000 +0200
+++ grants.mysql 2015-08-18 13:08:52.000000000 +0200
@@ -1,8 +1,8 @@
use mysql;
set password=
-grant all on *.* to msandbox@'127.%' identified by 'msandbox';
-grant all on *.* to msandbox@
+grant all on *.* to msandbox@'127.%' identified by 'msandbox' with grant option;
+grant all on *.* to msandbox@
grant SELECT,
SHOW DATABASES,CREATE TEMPORARY TABLES,LOCK TABLES, EXECUTE
on *.* to msandbox_
This is not a bug. You can already run the grant command using the root user, which has the grant privilege:
~/sandboxes/ rsandbox_ mysql-5_ 6_26/m -u root
master [localhost] {root} ((none)) > show grants for root@'localhost'\G ******* ******* ****** 1. row ******* ******* ******* ****** ******* ******* ****** 2. row ******* ******* ******* ******
*******
Grants for root@localhost: GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
*******
Grants for root@localhost: GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
2 rows in set (0.00 sec)
master [localhost] {root} ((none)) > show grants for msandbox@'127.%'\G ******* ******* ****** 1. row ******* ******* ******* ******
*******
Grants for msandbox@127.%: GRANT ALL PRIVILEGES ON *.* TO 'msandbox'@'127.%'
1 row in set (0.00 sec)
master [localhost] {root} ((none)) > show grants for msandbox_ rw@'127. %'\G ******* ******* ****** 1. row ******* ******* ******* ****** rw'@'127. %'
*******
Grants for msandbox_rw@127.%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE ON *.* TO 'msandbox_
1 row in set (0.00 sec)
master [localhost] {root} ((none)) > show grants for msandbox_ ro@'127. %'\G ******* ******* ****** 1. row ******* ******* ******* ****** ro'@'127. %'
*******
Grants for msandbox_ro@127.%: GRANT SELECT, EXECUTE ON *.* TO 'msandbox_
1 row in set (0.00 sec)
Similarly, you can use a less privileged user
~/sandboxes/ rsandbox_ mysql-5_ 6_26/m -u msandbox_rw
~/sandboxes/ rsandbox_ mysql-5_ 6_26/m -u msandbox_ro