[#MDEV-20486] User without rights can create an database

[MDEV-20486] User without rights can create an database Created: 2019-09-04 Updated: 2019-09-10 Resolved: 2019-09-10
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Affects Version/s:	10.4.7
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Frank

Assignee:

Unassigned

Resolution:

Not a Bug

Votes:

Labels:

None

Environment:

CentOS 7.6

Description

An user without any rights can creates an database, when it is called "test".

MariaDB [(none)]> create database test1;

ERROR 1044 (42000): Access denied for user 'foo@'localhost' to database 'test1'

MariaDB [(none)]> create database test;

Query OK, 1 row affected (0.000 sec)

As root:

MariaDB [(none)]> show grants for 'foo'@'localhost';

+-------------------------------------------------------------------------------+

| Grants for foo@localhost                                           |

+-------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'foo'@'localhost' IDENTIFIED VIA unix_socket |

+-------------------------------------------------------------------------------+

1 row in set (0.000 sec)

Comments

Comment by Elena Stepanova [ 2019-09-10 ]

test database is by default accessible to any user. Please check mysql_secure_installation and other materials for more information.

Generated at Thu Feb 08 08:59:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.