diff options
| author | Oliver Salzburg <oliver.salzburg@gmail.com> | 2019-07-01 20:55:33 +0300 |
|---|---|---|
| committer | Oliver Salzburg <oliver.salzburg@gmail.com> | 2019-07-16 11:26:25 +0300 |
| commit | 392a4dd68af1d02f6472a8c21583f78bf83fe7b4 (patch) | |
| tree | c006eccf17047de973c41b561d8504d88b3cc897 /lib/private/Setup/MySQL.php | |
| parent | 84a1712d9991df554a190750edf6dd1bb5d912f2 (diff) | |
Use specific privileges when creating admin
Using the ALL shorthand can cause problems when not all privileges are available to the user.
For example, AWS RDS MariaDB/MySQL will not grant the initial user account on an instance the SUPER privilege.
While the user account is still valid for pretty much any task on the DB instance, it can not use the ALL shorthand when granting privileges to new users.
By supplying a specific set of privileges, we work around this limitation without sacrificing functionality.
Closes #16139
Signed-off-by: Oliver Salzburg <oliver.salzburg@gmail.com>
Diffstat (limited to 'lib/private/Setup/MySQL.php')
| -rw-r--r-- | lib/private/Setup/MySQL.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php index dd215f96cbe..eb4fedefd4b 100644 --- a/lib/private/Setup/MySQL.php +++ b/lib/private/Setup/MySQL.php @@ -79,7 +79,7 @@ class MySQL extends AbstractDatabase { try { //this query will fail if there aren't the right permissions, ignore the error - $query="GRANT ALL PRIVILEGES ON `$name` . * TO '$user'"; + $query="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `$name` . * TO '$user'"; $connection->executeUpdate($query); } catch (\Exception $ex) { $this->logger->logException($ex, [ |