diff options
| author | unknown <thek@adventure.(none)> | 2007-12-07 15:39:41 +0100 |
|---|---|---|
| committer | unknown <thek@adventure.(none)> | 2007-12-07 15:39:41 +0100 |
| commit | 5826a5c490df8540fbc2b5bed6efad38723619c3 (patch) | |
| tree | e38a712e17087a0838ba2993e6823e49c0e032e5 /mysql-test/r/read_only.result | |
| parent | b8a19c228ce93ff5e57d7d122d8d5a74236670f6 (diff) | |
| download | mariadb-git-5826a5c490df8540fbc2b5bed6efad38723619c3.tar.gz | |
Bug #27440 read_only allows create and drop database
When read_only option was enabled, a user without SUPER privilege could
perform CREATE DATABASE and DROP DATABASE operations.
This patch adds a check to make sure this isn't possible. It also attempts to
simplify the logic used to determine if relevant tables are updated,
making it more human readable.
mysql-test/r/read_only.result:
Updated result file
mysql-test/t/read_only.test:
A test case is added which shows that it is not possible to drop or create a
database in read-only mode despite having the GRANT permissions to do so,
SUPER user excepted.
sql/sql_parse.cc:
- Simplified complex predicate by grouping it in a read friendly way.
- Added predicate to fail on database updates while running in read-only
mode.
Diffstat (limited to 'mysql-test/r/read_only.result')
| -rw-r--r-- | mysql-test/r/read_only.result | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/mysql-test/r/read_only.result b/mysql-test/r/read_only.result index 69d25fbef6f..827a137f5b2 100644 --- a/mysql-test/r/read_only.result +++ b/mysql-test/r/read_only.result @@ -46,4 +46,35 @@ Warnings: Note 1051 Unknown table 'ttt' drop table t1,t2; drop user test@localhost; +# +# Bug #27440 read_only allows create and drop database +# +drop database if exists mysqltest_db1; +drop database if exists mysqltest_db2; +delete from mysql.user where User like 'mysqltest_%'; +delete from mysql.db where User like 'mysqltest_%'; +delete from mysql.tables_priv where User like 'mysqltest_%'; +delete from mysql.columns_priv where User like 'mysqltest_%'; +flush privileges; +grant all on mysqltest_db2.* to `mysqltest_u1`@`%`; +create database mysqltest_db1; +grant all on mysqltest_db1.* to `mysqltest_u1`@`%`; +flush privileges; +show grants for current_user(); +Grants for mysqltest_u1@% +GRANT USAGE ON *.* TO 'mysqltest_u1'@'%' +GRANT ALL PRIVILEGES ON `mysqltest_db2`.* TO 'mysqltest_u1'@'%' +GRANT ALL PRIVILEGES ON `mysqltest_db1`.* TO 'mysqltest_u1'@'%' +create database mysqltest_db2; +ERROR HY000: The MySQL server is running with the --read-only option so it cannot execute this statement +show databases like '%mysqltest_db2%'; +Database (%mysqltest_db2%) +drop database mysqltest_db1; +ERROR HY000: The MySQL server is running with the --read-only option so it cannot execute this statement +delete from mysql.user where User like 'mysqltest_%'; +delete from mysql.db where User like 'mysqltest_%'; +delete from mysql.tables_priv where User like 'mysqltest_%'; +delete from mysql.columns_priv where User like 'mysqltest_%'; +flush privileges; +drop database mysqltest_db1; set global read_only=0; |