Last modified: 2013-05-27 22:52:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48460, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 46460 - Allow tools to create databases
Status: RESOLVED FIXED
Product: Wikimedia Labs
Classification: Unclassified
Component: tools
Version: unspecified
Hardware: All All
Importance: Normal enhancement
Target Milestone: ---
Assigned To: Marc A. Pelletier

Reported: 2013-03-22 18:48 UTC by Jan Luca
Modified: 2013-05-27 22:52 UTC

Attachments
MySQL/MariaDB-procedure to create tools dbs (1.50 KB, text/x-sql), 2013-03-27 14:29 UTC, Jan Luca
Procedure to grant all existing users the execute-right (785 bytes, text/x-sql), 2013-03-27 14:31 UTC, Jan Luca
MySQL/MariaDB-procedure to create tools dbs (1.63 KB, text/x-sql), 2013-04-08 17:55 UTC, Jan Luca

Description Jan Luca 2013-03-22 18:48:26 UTC
At the moment the tools are not allowed to create their own databases. I think it would be nice if they could create DBs like <toolname>_<db>.

Two possible solutions:

1. Create a mysql-procedure for this.
2. Using "GRANT ALL PRIVILEGES ON `<toolname>_%`" (I know it's horrid ;-) )
Comment 1 Jan Luca 2013-03-27 14:29:01 UTC
Created attachment 11995 [details]
MySQL/MariaDB-procedure to create tools dbs

The attachment creates two procedures for creating tools db: "sys.create_tools_db" and "sys.create_tools_db_no_output".

The procedures run with the rights of the definer (SQL SECURITY DEFINER), so the users do not need a global CREATE DATABASE right.

They test whether the dbname that should be created has a syntax like <toolname>_<dbname>. When the name passes this test, the database will be created and the tooluser gets all rights with grant option for the new database.

sys.create_tools_db outputs the result of the process (this should be used by users on the MySQL-Shell), sys.create_tools_db_no_output generates no output (for use in programs).

The attachment is made for copy-and-paste on the MySQL-Shell.

The users need only the execute right for sys.* (GRANT EXECUTE ON sys.* TO <user>) to call the procedure. See also the other attachment.
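
Added example, not the attachment from this bug and not Wikimedia's deployed code: one way to write the kind of procedure Comment 1 describes, a SQL SECURITY DEFINER routine that checks the <toolname>_<dbname> form before it creates the database and grants rights. The schema `tooladmin`, the procedure name, the '<toolname>'@'%' account form and the letters-and-digits rule for tool names are assumptions made for the example.

```sql
-- Added example, not the attachment's code. Hypothetical names: schema tooladmin,
-- procedure create_tool_db. Assumes tool accounts are '<toolname>'@'%' and that
-- tool names contain only ASCII letters and digits.
DELIMITER //
CREATE PROCEDURE tooladmin.create_tool_db(IN p_dbname VARCHAR(64))
    SQL SECURITY DEFINER
BEGIN
    DECLARE v_tool   VARCHAR(80);
    DECLARE v_prefix VARCHAR(81);

    -- USER() is the invoking client as 'name@host'; CURRENT_USER() would return
    -- the definer here. Cut at the last '@' so a name containing '@' is kept
    -- whole and then rejected by the allowlist below.
    SET v_tool = LEFT(USER(), CHAR_LENGTH(USER())
                     - CHAR_LENGTH(SUBSTRING_INDEX(USER(), '@', -1)) - 1);
    SET v_prefix = CONCAT(v_tool, '_');

    -- Reject anything outside the allowlist before it reaches dynamic SQL, and
    -- require the exact, case-sensitive "<toolname>_" prefix plus a non-empty rest.
    IF p_dbname IS NULL OR v_tool IS NULL OR v_tool = ''
       OR v_tool REGEXP '[^A-Za-z0-9]'
       OR p_dbname REGEXP '[^A-Za-z0-9_]'
       OR CHAR_LENGTH(p_dbname) <= CHAR_LENGTH(v_prefix)
       OR CAST(LEFT(p_dbname, CHAR_LENGTH(v_prefix)) AS BINARY)
          <> CAST(v_prefix AS BINARY)
    THEN
        SIGNAL SQLSTATE '45000'
            SET MESSAGE_TEXT = 'database name must be <toolname>_<dbname>';
    END IF;

    SET @ddl = CONCAT('CREATE DATABASE `', p_dbname, '`');
    PREPARE stmt FROM @ddl; EXECUTE stmt; DEALLOCATE PREPARE stmt;

    -- In a database-level GRANT, "_" and "%" in the name are wildcards. Escape
    -- "_" so the grant covers this database only, not similarly named ones.
    -- WITH GRANT OPTION follows the behaviour Comment 1 describes.
    SET @ddl = CONCAT('GRANT ALL PRIVILEGES ON `',
                      REPLACE(p_dbname, '_', CONCAT(CHAR(92 USING ascii), '_')),
                      '`.* TO ''', v_tool, '''@''%'' WITH GRANT OPTION');
    PREPARE stmt FROM @ddl; EXECUTE stmt; DEALLOCATE PREPARE stmt;
    SET @ddl = NULL;
END //
DELIMITER ;

-- Usage from a tool account named mytool (constructed name):
--   CALL tooladmin.create_tool_db('mytool_wikidata');
```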
Comment 2 Marc A. Pelletier 2013-03-27 14:31:11 UTC
Sounds like a good way forward.  Will audit and test the code shortly with an eye towards deployment.
Comment 3 Jan Luca 2013-03-27 14:31:30 UTC
Created attachment 11996 [details]
Procedure to grant all existing users the execute-right

This attachment creates and calls a procedure to grant all existing users (select from mysql.user) the execute right for the table sys.*
Comment 4 Marc A. Pelletier 2013-03-28 15:34:47 UTC
I see a number of security issues with the procedure; I'll do a bit of tightening up and post an updated version soon.
Comment 5 Jan Luca 2013-03-28 16:28:42 UTC
No problem. I already thought that there could be some things which can be made better.
Comment 6 Jan Luca 2013-04-08 17:55:41 UTC
Created attachment 12053 [details]
MySQL/MariaDB-procedure to create tools dbs

New version of sys.create_tools_db
Comment 7 Tim Landscheidt 2013-05-27 22:52:48 UTC
Tools can now create databases on tools-db and the replicated database servers (cf. https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Help#Creating_databases).
