当前位置: 文江博客话题详情

MySQL DROP DATABASE 相当于无 root 访问权限或 DROP 权限

发布于 2024-08-15 22:31:54 字数 1164 浏览 4 评论 0原文

我正在协调一些 PHP 开发项目。我设置了一个工作流程,开发人员都可以使用一个 Subversion 存储库。当他们准备好在临时服务器上查看应用程序时,上传 MySQL 数据库转储并创建标签。

我配置了一个 shell 脚本,它将自动将 PHP 代码部署到 DocumentRoot 并配置适当的权限。我现在需要编写数据库快照加载的脚本。

当我第一次配置新应用程序时,我创建一个数据库和用户帐户,如下所示:

CREATE DATABASE foodb;
GRANT ALL ON foodb.* TO user1@localhost IDENTIFIED BY 'password';

现在,当开发人员将新版本的 MySQL 转储检查到 Subversion 时,我需要删除旧数据库并恢复新快照。我目前正在使用以下工作流程。

1.) 以 root 身份登录 MySQL

DROP DATABASE foodb;
CREATE DATABASE foodb;
GRANT ALL ON foodb.* TO user1@localhost IDENTIFIED BY 'password';

2.) 登录 MySQL“user1”

mysql -h localhost -u user1 --password="drumitFed" foodb << new-db-dump-from-subversion.sql

我想合并上面的步骤 1 和 2。我想它看起来会是这样的。该代码不仅应该删除表,还应该删除视图、索引和存储过程。

请注意,它必须以数据库用户身份运行,而不是超级用户,并且数据库用户没有 DROP DATABASE 或 CREATE DATABASE 权限。

mysql -h localhost -u user1 --password="password" foodb << delete-all-tables-and-views.sql
mysql -h localhost -u user1 --password="password" foodb << new-db-dump-from-subversion.sql
原文

I am coordinating a number of PHP development projects. I have setup a workflow where developers all work with one Subversion repository. When they are ready to take a look at their application on staging servers upload a MySQL DB dump and create a tag.

I have configured a shell script that will automatically deploy the PHP code to the DocumentRoot and configure the proper permissions. I now need to script the loading of the database snapshot.

When I first configure a new application I create a database and user account like so:

CREATE DATABASE foodb;
GRANT ALL ON foodb.* TO user1@localhost IDENTIFIED BY 'password';

Now when the developers check a new version of the MySQL dump into Subversion I need to delete the old DB and restore a new snapshot. I'm currently using the following workflow.

1.) Login to MySQL as root

DROP DATABASE foodb;
CREATE DATABASE foodb;
GRANT ALL ON foodb.* TO user1@localhost IDENTIFIED BY 'password';

2.) Login to MySQL "user1"

mysql -h localhost -u user1 --password="drumitFed" foodb << new-db-dump-from-subversion.sql

I would like to combine steps 1 and 2 above. I imagine it would look something like this. The code should not only delete the tables but also views, indexes, and stored procedures.

note, that it has to run as the database user, not a superuser, and the database user does not have DROP DATABASE or CREATE DATABASE permissions.

mysql -h localhost -u user1 --password="password" foodb << delete-all-tables-and-views.sql
mysql -h localhost -u user1 --password="password" foodb << new-db-dump-from-subversion.sql

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

时光清浅 2024-08-22 22:31:54

我没有时间测试这一点,但尝试授予用户 CREATE 权限 MySQL 范围,然后创建每个数据库的用户应该有权删除他们创建的内容,如果没有,您可以授予他们删除该数据库的权限吗?

I don't have time to test this, but try granting users the CREATE privilege MySQL wide, then the user who created each DB should have permissions to drop what they created, if not you could grant them drop permissions for that DB?

回复 原文
囍笑 2024-08-22 22:31:54

您的选择是:

  1. 以 root 身份运行脚本
  2. 向数据库用户授予适当的权限(如果可能的话,通过角色)。
  3. 公开用户为脚本提供转储的能力,该脚本以 root 身份运行

数据库不会允许您规避访问控制。

Your options are:

  1. Run the scripts as root
  2. Grant appropriate permissions to the database user(s), via role if possible.
  3. Expose the ability for a user to supply a dump for a script, which gets run as root

A database isn't going to allow you to circumvent the access control.

回复 原文
囍笑 2024-08-22 22:31:54

首先,是否是超级用户在这里没有直接关系。 mysql 通常有一个“root”用户,但这不必与 root 登录相关联。

你的问题似乎是“我如何作为 mysql 用户执行 X 操作,并防止该用户必须拥有执行 X 操作的权限”,这会导致“你不能”的答案。所以看来你的问题肯定还有别的问题。为什么要使用同一个用户来处理所有事情?

不知何故,您需要拥有更大的权限才能设置环境。这可以做到
通过拥有一个单独的 mysql 用户,或一个单独的 mysql 服务器,或者通过暂时关闭 mysql 服务器并在安装期间使用 --skip-grant-tables 运行它的单独实例。

First of all, superuser or not has no direct bearing here. mysql often has a "root" user, but that doesn't have to be associated with a root login.

Your question seems to be "how do I do X as a mysql user, and keep that user from having to have permission to do X", which leads to a "you can't" answer. So it seems there must be something else to your question. Why do you want to use the same user for everything?

Somehow, you need to have greater permissions to set up the environment. This could be done
by having a separate mysql user, or a separate mysql server, or by temporarily shutting down the mysql server and running a separate instance of it with --skip-grant-tables for the duration of the setup.

回复 原文
瑾兮 2024-08-22 22:31:54

您可以使用 information_schema 生成执行该作业的 SQL 查询。我对您正在使用的脚本解决方案了解不够,因此我无法提出任何建议,但这里有一个示例 SQL 脚本,它可以在 MySQL 内部完成所有操作:

DELIMITER go

DROP PROCEDURE IF EXISTS p_drop_all_tables;
go

CREATE PROCEDURE p_drop_all_tables()
BEGIN
    DECLARE v_table_type VARCHAR(64);
    DECLARE v_table_name VARCHAR(64);
    DECLARE v_not_found TINYINT(1) DEFAULT FALSE;
    DECLARE csr_tables CURSOR FOR
        SELECT  CASE table_type
                    WHEN 'BASE TABLE' THEN 'TABLE'
                    ELSE table_type
                END table_type
        ,       table_name
        FROM    information_schema.TABLES
        WHERE   table_schema = SCHEMA()
        AND     table_type IN ('BASE TABLE', 'VIEW')
        ;
    DECLARE CONTINUE HANDLER FOR NOT FOUND 
        SET v_not_found := TRUE;

    SET @@foreign_key_checks := OFF;
    OPEN csr_tables;
    table_loop: LOOP

        FETCH   csr_tables 
        INTO    v_table_type
        ,       v_table_name
        ;
        IF v_not_found THEN
            CLOSE csr_tables;
            LEAVE table_loop;
        END IF;

        SET @stmt := CONCAT(
            'DROP '
        ,   v_table_type
        ,   ' `', v_table_name, '`'
        );
        PREPARE stmt FROM @stmt;
        EXECUTE stmt;
        DEALLOCATE PREPARE stmt;

    END LOOP;
    SET @@foreign_key_checks := ON;
END;
go

CALL p_drop_all_tables();
go

DROP PROCEDURE p_drop_all_tables;
go

DELIMITER;

You could use the information_schema to generates the SQL query that does the job. I don't know enough about the scripting solution you are using, so I can't suggest anything for that, but here's a sample SQL script that does everything from inside MySQL:

DELIMITER go

DROP PROCEDURE IF EXISTS p_drop_all_tables;
go

CREATE PROCEDURE p_drop_all_tables()
BEGIN
    DECLARE v_table_type VARCHAR(64);
    DECLARE v_table_name VARCHAR(64);
    DECLARE v_not_found TINYINT(1) DEFAULT FALSE;
    DECLARE csr_tables CURSOR FOR
        SELECT  CASE table_type
                    WHEN 'BASE TABLE' THEN 'TABLE'
                    ELSE table_type
                END table_type
        ,       table_name
        FROM    information_schema.TABLES
        WHERE   table_schema = SCHEMA()
        AND     table_type IN ('BASE TABLE', 'VIEW')
        ;
    DECLARE CONTINUE HANDLER FOR NOT FOUND 
        SET v_not_found := TRUE;

    SET @@foreign_key_checks := OFF;
    OPEN csr_tables;
    table_loop: LOOP

        FETCH   csr_tables 
        INTO    v_table_type
        ,       v_table_name
        ;
        IF v_not_found THEN
            CLOSE csr_tables;
            LEAVE table_loop;
        END IF;

        SET @stmt := CONCAT(
            'DROP '
        ,   v_table_type
        ,   ' `', v_table_name, '`'
        );
        PREPARE stmt FROM @stmt;
        EXECUTE stmt;
        DEALLOCATE PREPARE stmt;

    END LOOP;
    SET @@foreign_key_checks := ON;
END;
go

CALL p_drop_all_tables();
go

DROP PROCEDURE p_drop_all_tables;
go

DELIMITER;
回复 原文
谷夏 2024-08-22 22:31:54

你也许可以作一些作弊。

如果您可以安排脚本可以以 root 或 mysql 用户身份运行,则可以让脚本使用适当的数据库权限和“空白”模式设置来安装数据库。

shutdown mysql

copy -rp .../clean/* /var/lib/mysql/

startup mysql

所以,数据库的干净副本有创建的数据库和grant语句,但没有数据。

-丹尼尔

You might be able to cheat somewhat.

If you can arrange it so that a script can run as root or the mysql user, you can have the script install the database with the proper database permissions and a "blank" schema setup.

shutdown mysql

copy -rp .../clean/* /var/lib/mysql/

startup mysql

So, the clean copy of the database has the created database and grant statements, but no data.

-daniel

回复 原文
时光是把杀猪刀 2024-08-22 22:31:54

您可以向用户授予全局权限。这不是最安全的,但它确实可以保护根用户密码,如果这是一个删除数据库是常见操作的系统,那么数据完整性似乎就不那么重要了。

您可以在导入转储之前使用 mysqldump 中的 --add-drop-database 标志来删除数据库:

--add-drop-database Add a 'DROP DATABASE' before each create.

You can grant global permissions to a user. This is not the most secure, but it does protect the root user password and if this is a system where dropping the database is a common operation then data integrity appears to be less of a concern.

You can use the --add-drop-database flag in mysqldump to drop the database before importing the dump:

--add-drop-database Add a 'DROP DATABASE' before each create.
回复 原文
香草可樂 2024-08-22 22:31:54

为什么不这样做呢?

mysql -h localhost -u root --password="xxx" foodb << delete-all-tables-and-views.sql
mysql -h localhost -u user1 --password="yyy" foodb << new-db-dump-from-subversion.sql

该脚本本身不需要以 root 身份运行。 MySQL“根”和系统“根”是不同的东西。

Why not do this?

mysql -h localhost -u root --password="xxx" foodb << delete-all-tables-and-views.sql
mysql -h localhost -u user1 --password="yyy" foodb << new-db-dump-from-subversion.sql

The script itself doesn't need to run as root. The MySQL "root" and the system's "root" are separate things.

回复 原文
~没有更多了~

关于作者

我恋#小黄人

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

謌踐踏愛綪

文章 0 评论 0

开始看清了

文章 0 评论 0

高速公鹿

文章 0 评论 0

alipaysp_PLnULTzf66

文章 0 评论 0

热情消退

文章 0 评论 0

白色月光

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文