撤销安装插件的权限?

huangapple go评论60阅读模式
英文:

Revoking permission to install plugins?

问题

以下查询是安全审计的一部分,用于识别具有在数据库级别安装/卸载服务器插件访问权限的用户。

SELECT user, host FROM mysql.db WHERE db = 'mysql' and (insert_priv='y') or (delete_priv='y') or (insert_priv='y' and delete_priv='y');

我需要从列出的用户中撤销该权限。是否有特定的权限我可以撤销来完成这个操作?如果有的话,我找不到它。还是我应该直接在mysql.db表中更新insert_priv和delete_priv字段?我不是DBA,但目前我是我们团队中最接近的人。

英文:

The following query was used as part of a security audit to identify users with access to install/uninstall server plugins at the database level.

SELECT user, host FROM mysql.db WHERE db = 'mysql' and (insert_priv='y') or (delete_priv='y') or (insert_priv='y' and delete_priv='y');

I need to revoke that permission from the users that are listed. Is there a specific privilege I revoke to do this? If so, I can't find it. Or would I simply UPDATE the insert_priv and delete_priv fields directly in the mysql.db table? I'm not a DBA but the closest thing we have at the moment.

答案1

得分: 0

你可以在具有对 mysql.plugin 表的 INSERT 权限时安装插件,参见 INSTALL PLUGIN

要使用 INSTALL PLUGIN,您必须对 mysql.plugin 表具有 INSERT 权限。

因此,当您在(内部管理)数据库 mysql 上具有数据库范围的 INSERT 权限时,您可以安装插件。

对于 UNINSTALL PLUGIN 语句也是一样的,请参见 UNINSTALL PLUGIN

要使用 UNINSTALL PLUGIN,您必须对 mysql.plugin 表具有 DELETE 权限。

移除 mysql 数据库的 insert_privdelete_priv 权限,您的 "普通" MySQL 用户账户本来就不应该能够在此数据库中写入。

英文:

You are able to install plugins when you have INSERT permissions on the mysql.plugin table, see INSTALL PLUGIN:

> To use INSTALL PLUGIN, you must have the INSERT privilege for the mysql.plugin table.

So when you have database wide INSERT permissions on the (internal administrative) database mysql, then you can install plugins.

The same goes for the UNINSTALL PLUGIN statement, see UNINSTALL PLUGIN

> To use UNINSTALL PLUGIN, you must have the DELETE privilege for the mysql.plugin table.

Remove the insert_priv and delete_priv privileges for the mysql database, your "normal" MySQL user accounts shouldn't be able to write in this database anyway.

huangapple
  • 本文由 发表于 2023年6月2日 00:12:16
  • 转载请务必保留本文链接:https://go.coder-hub.com/76383839.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定