| <div class="title">How to reduce Open-Xchange database user privileges for existing installations</div>
| | {{Migration|title=DB-User Privileges|link=https://documentation.open-xchange.com/7.10.2/middleware/administration/db_user_privileges.html}} |
| | |
| '''Summary''': This article explains how to reduce the database user privileges in existing Open-Xchange installations to the minimum required set. Changing the existing <code>ALL PRIVILEGES</code> to the provided minimum set will have no implications for running the server.
| |
| | |
| The minimum required set of privileges is: CREATE, LOCK TABLES, REFERENCES, INDEX, DROP, DELETE, ALTER, SELECT, UPDATE, INSERT, CREATE TEMPORARY TABLES, SHOW VIEW, ALTER ROUTINE, CREATE ROUTINE and SHOW DATABASES.
| |
| | |
| __TOC__
| |
| | |
| == Change of existing privileges ==
| |
| 1. Log in to MySQL as the root user.
| |
| | |
| 2. Detect the existing Open-Xchange users: <code>select user,host from mysql.user;</code>
| |
| | |
| The output will look like:
| |
| <code>
| +------------------+-----------+
| | user             | host      |
| +------------------+-----------+
| | openexchange     | %         |
| | root             | 127.0.0.1 |
| </code>
| |
| | |
| 3. Detect all existing privileges for the Open-Xchange user above: <code>show grants for '<openexchange_user_from_table_above>'@'<openexchange_host_from_table_above>';</code>
| |
| | |
| The output will look like:
| |
| <code>
| |
| TODO
| |
| </code>
| |
| | |
| 4. Revoke all existing privileges for the Open-Xchange user above: <code>revoke all privileges on *.* from '<openexchange_user_from_table_above>'@'<openexchange_host_from_table_above>';</code>
| |
| | |
| Hint: This must be executed for each line displayed in step 3. Without revoking the privileges, you will have duplicates.
| |
| | |
| 5. Create new privileges: <code>GRANT CREATE, LOCK TABLES, REFERENCES, INDEX, DROP, DELETE, ALTER, SELECT, UPDATE, INSERT, CREATE TEMPORARY TABLES, SHOW VIEW, ALTER ROUTINE, CREATE ROUTINE, SHOW DATABASES ON *.* TO '<YOUR_CONFIG_DB_USER>'@'%' IDENTIFIED BY '<YOUR_CONFIG_DB_PASS>' WITH GRANT OPTION;</code>
| |
| | |
| 6. Write new privileges: <code>flush privileges;</code>
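To check the result of steps 3 to 6, the rows returned by <code>show grants</code> can be compared with the minimum set listed above. The following is an added example, not part of the original article or of Open-Xchange; the function names and the sample rows are constructed for illustration, and it only evaluates grants on <code>*.*</code>.

```python
import re

# Minimum privilege set exactly as listed on this page.
REQUIRED = {
    "CREATE", "LOCK TABLES", "REFERENCES", "INDEX", "DROP", "DELETE", "ALTER",
    "SELECT", "UPDATE", "INSERT", "CREATE TEMPORARY TABLES", "SHOW VIEW",
    "ALTER ROUTINE", "CREATE ROUTINE", "SHOW DATABASES",
}
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)",
    re.IGNORECASE,
)

def parse_grant(row):
    """Split one SHOW GRANTS row into (privileges, scope, grant_option)."""
    m = GRANT_RE.match(row.strip())
    if not m:
        raise ValueError(f"not a GRANT row: {row!r}")
    privs = re.sub(r"\([^)]*\)", "", m["privs"])  # drop column lists
    names = {p.strip().upper() for p in privs.split(",") if p.strip()}
    return names, m["scope"], "WITH GRANT OPTION" in row.upper()

def audit(rows):
    """Compare an account's global (*.*) grants with REQUIRED."""
    held, scopes, grant_option = set(), [], False
    for row in rows:
        names, scope, has_option = parse_grant(row)
        scopes.append(scope)  # one entry per row shown in step 3
        if scope == "*.*":
            held |= names
            grant_option = grant_option or has_option
    has_all = bool(held & {"ALL", "ALL PRIVILEGES"})
    held -= {"ALL", "ALL PRIVILEGES", "USAGE"}
    return {
        "all_privileges": has_all,
        "excess": sorted(held - REQUIRED),
        "missing": [] if has_all else sorted(REQUIRED - held),
        "scopes": scopes,
        "grant_option": grant_option,
    }

# Constructed sample rows, not captured from a real server.
BEFORE = ["GRANT ALL PRIVILEGES ON *.* TO 'openexchange'@'%' WITH GRANT OPTION"]
AFTER = [
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, "
    "ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, SHOW VIEW, "
    "CREATE ROUTINE, ALTER ROUTINE ON *.* TO 'openexchange'@'%' WITH GRANT OPTION",
]

if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))
```

An empty <code>excess</code> and <code>missing</code> list with <code>all_privileges</code> set to false means the account holds exactly the minimum set; <code>scopes</code> shows how many rows step 4 has to cover.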
| |
| | |
| [[Category: OX7]]
| |
| [[Category: AppSuite]]
| |
| [[Category: Administrator]]
| |
| [[Category: Database]]
| |
| [[Category: Security]]
| |