06.26.08
Don’t do it.
A bit of advice to anyone wanting to write an article on MySQL that includes setting up users: familiarize yourself with the concept of Least Privilege. That is, only grant those privileges absolutely necessary to do a job and nothing more. I just finished reading an article on how to set up RSyslog to log to a MySQL database. Halfway through the article is a listing showing the grant statement. I’ll share just the fun part:
grant ALL ON Syslog.* …
My first reaction when I see a “grant all” is to ask: why? Why does an application need every database privilege? Well, I finished the article, then went to the RSyslog web site and spent all of 4 minutes researching why the app needs so much privilege. As it turns out, it doesn’t. Right there in black and white:
“It is sufficient to grant it INSERT privileges to the systemevents table, only.”
Whew. Okay. The app doesn’t need all those privileges. When I checked the author’s credentials, he presents himself as someone who manages firewalls, antispam and antivirus systems - someone you would hope would be security-conscious and aware of privileges. Apparently not - or at least, not when it comes to databases. I couldn’t find an email address to write to the author, nor does the web site have a form to post feedback on articles, so I can’t point this out, nor the fact that he completely left out how to configure RSyslog to connect to MySQL.
<sigh>
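
The tightening described above, as an added example that is not from the original post, the article it criticizes, or the RSyslog documentation. The account `'rsyslog'@'localhost'` and its password are placeholders (assumptions); the database and table names are taken from the grant statement and the RSyslog quote above.

```sql
-- Added example. Account, host and password are placeholders, not values
-- from the post. Run as an administrative user.

-- 1. Audit: list every account holding schema-wide privileges on Syslog.
--    A "grant ALL ON Syslog.*" shows up here as one row per privilege.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.schema_privileges
WHERE table_schema = 'Syslog'
ORDER BY grantee, privilege_type;

-- 2a. Existing over-privileged account: strip everything it holds
--     (global, database, table and column level, plus GRANT OPTION).
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'rsyslog'@'localhost';

-- 2b. Fresh install instead: create the account with no privileges.
-- CREATE USER 'rsyslog'@'localhost' IDENTIFIED BY '<placeholder-password>';

-- 3. Grant only what the quoted RSyslog note says is sufficient.
--    Table names are case-sensitive on most Unix installs, so match the
--    name exactly as your schema created it.
GRANT INSERT ON Syslog.systemevents TO 'rsyslog'@'localhost';

-- 4. Verify: only USAGE plus the single table-level INSERT should remain.
SHOW GRANTS FOR 'rsyslog'@'localhost';

SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'Syslog'
ORDER BY grantee, table_name;

-- 5. Negative check, run while connected AS the rsyslog account.
--    Each statement should fail with a "command denied" error:
-- SELECT COUNT(*) FROM Syslog.systemevents;
-- DELETE FROM Syslog.systemevents;
-- DROP TABLE Syslog.systemevents;
```

An insert-only account can still write log rows but cannot read, alter or delete them, which also limits what a compromised log shipper can do to existing records.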

krow@livejournal said,
June 26, 2008 at 5:42 pm
If you are looking for performance, just run mysql with --skip-grants and you can turn off all of the ACL.
Arjen said,
June 27, 2008 at 11:21 pm
The grant info is kept in-memory anyway, MySQL server grabs the stuff on startup, and refreshes for any GRANT/REVOKE statements, and the separate FLUSH PRIVILEGES statement.
The in-memory structure is sorted according to the way the server looks at things. Of course not checking it at all is faster, but checking things at least on the db level is not really a performance issue.
I generally recommend against mucking around at the table or column level, but that’s more for management and sanity reasons. It causes no end of trouble with new tables, renames, etc. Views are better for such cases.