[MDEV-22091] REVOKE ALL is not allowed for root Created: 2020-03-31  Updated: 2020-04-01  Resolved: 2020-04-01

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.5.2
Fix Version/s: 10.5.3

Type: Bug Priority: Major
Reporter: Oli Sennhauser Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None
Environment:

n.a.

Issue Links:
Duplicate
duplicates MDEV-22057 REPLICATION MASTER ADMIN is missing i... Closed

 Description    

Server version:         10.5.2-MariaDB-log MariaDB Server
 
 
 
SQL> SELECT CURRENT_USER();
 
+----------------+
 
| CURRENT_USER() |
 
+----------------+
 
| root@localhost |
 
+----------------+
 
 
 
SQL> CREATE USER 'foo'@'bar';
 
 
 
SQL> REVOKE ALL PRIVILEGES ON *.* FROM 'foo'@'bar';
 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
 
 
 
 
 
MariaDB 10.4.x
 
 
 
SQL> REVOKE ALL PRIVILEGES ON *.* FROM 'foo'@'bar';
 
Query OK, 0 rows affected, 1 warning (0.002 sec)



 Comments   
Comment by Oli Sennhauser [ 2020-03-31 ] 

show create user root@localhost;
 
+------------------------------------------------------------------------------------+
 
| CREATE USER for root@localhost                                                     |
 
+------------------------------------------------------------------------------------+
 
| CREATE USER `root`@`localhost` IDENTIFIED VIA mysql_native_password OR unix_socket |
 
+------------------------------------------------------------------------------------+
 
 
 
show grants for root@localhost;
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| Grants for root@localhost                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `root`@`localhost` IDENTIFIED VIA mysql_native_password OR unix_socket WITH GRANT OPTION |
 
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Was an upgraded instance from 10.5.1 (and possibly from 10.5.0 before)

Comment by Elena Stepanova [ 2020-03-31 ]

The problem should be already fixed in the scope of MDEV-22057.
Apologies for the inconvenience.

Generated at Thu Feb 08 09:12:07 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.