Merge work:/home/bk/mysql-4.0 into mashka.mysql.fi:/my/mysql-4.0

@itemize @bullet

@item

MySQL 4.0 has a lot of new privileges in the @code{mysql.user} table.

@xref{GRANT}.

To get these new privileges to work, one must run the

@code{mysql_fix_privilege_tables} scripts.  Until this script is run all

users have the @code{SHOW DATABASES}, @code{CREATE TEMPORARY TABLES},

and @code{LOCK TABLES} privileges. @code{SUPER} and @code{EXECUTE}

privileges takes their value from @code{PROCESS}. @code{REPLICATION

SLAVE} and @code{REPLICATION CLIENT} takes their values from

@code{FILE}.

If you have any scripts that creates new users, you may want to change

them to use the new privileges.  If you are not using @code{GRANT}

commands in the scripits, this is a good time to change the scripts...

In 4.0.2 the option @code{--safe-show-database} doesn't do anything and

should not be used. @xref{Privileges options}.

If you get access denied errors for new users with MySQL 4.0.2, you

should check if you need some of the new grants that you didn't need

before.  In particular, you will need @code{REPLICATION SLAVE} (instead

of @code{FILE}) for new slaves.

@item

@code{DOUBLE} and @code{FLOAT} columns are now honoring the

@code{UNSIGNED} flag on storage (before, @code{UNSIGNED} was ignored for

these columns).

privileges.  The @code{test} database is often provided as a workspace for

users to try things out.

Note that you may not see all databases if you don't have the @code{SHOW

DATABASES} privilege. @xref{GRANT}.

If the @code{test} database exists, try to access it:

@example

need memory checking, by using this option.

@item --skip-show-database

Don't allow 'SHOW DATABASE' commands, unless the user has @strong{process}

privilege.

Don't allow 'SHOW DATABASE' commands, unless the user has the

@strong{SHOW DATABASE} privilege.  In 4.0.2 this command should not be

need anymore.

@item --skip-stack-trace

Don't write stack traces.  This option is useful when you are running

INFILE}.

@item --safe-show-database

With this option,

@code{SHOW DATABASES} returns only those databases for which the user has

some kind of privilege.

With this option, @code{SHOW DATABASES} returns only those databases for

which the user has some kind of privilege. In 4.0.2 this command doesn't

do anything (the option is enabled by default) as we now have the

@code{SHOWS DATABASES} privilege. @xref{GRANT}.

@item --safe-user-create

If this is enabled, an user can't create new users with the @code{GRANT}

and under the circumstances indicated in @ref{Privilege changes}.

The names used in this manual to refer to the privileges provided by

MySQL are shown here, along with the table column name associated

MySQL 4.0.2 are shown here, along with the table column name associated

with each privilege in the grant tables and the context in which the

privilege applies:

@multitable @columnfractions .15 .20 .35

@item @strong{Privilege}   @tab @strong{Column}      @tab @strong{Context}

@item @strong{select}      @tab @code{Select_priv}   @tab tables

@item @strong{insert}      @tab @code{Insert_priv}   @tab tables

@item @strong{update}      @tab @code{Update_priv}   @tab tables

@item @strong{alter}       @tab @code{Alter_priv}    @tab tables

@item @strong{delete}      @tab @code{Delete_priv}   @tab tables

@item @strong{index}       @tab @code{Index_priv}    @tab tables

@item @strong{alter}       @tab @code{Alter_priv}    @tab tables

@item @strong{insert}      @tab @code{Insert_priv}   @tab tables

@item @strong{select}      @tab @code{Select_priv}   @tab tables

@item @strong{update}      @tab @code{Update_priv}   @tab tables

@item @strong{create}      @tab @code{Create_priv}   @tab databases, tables, or indexes

@item @strong{drop}        @tab @code{Drop_priv}     @tab databases or tables

@item @strong{grant}       @tab @code{Grant_priv}    @tab databases or tables

@item @strong{references}  @tab @code{References_priv} @tab databases or tables

@item @strong{create temporary tables} @tab @code{create_tmp_table_priv} @tab server administration

@item @strong{execute} @tab @code{execute_priv} @tab server administration

@item @strong{file}        @tab @code{File_priv}     @tab file access on server

@item @strong{lock tables} @tab @code{Lock_tables_priv} @tab server administration

@item @strong{process}     @tab @code{Process_priv}  @tab server administration

@item @strong{reload}      @tab @code{Reload_priv}   @tab server administration

@item @strong{replication client} @tab @code{Repl_client_priv} @tab server administration

@item @strong{replication slave} @tab @code{Repl_slave_priv} @tab server administration

@item @strong{show databases} @tab @code{Show_db_priv} @tab server administration

@item @strong{shutdown}    @tab @code{Shutdown_priv} @tab server administration

@item @strong{process}     @tab @code{Process_priv}  @tab server administration

@item @strong{file}        @tab @code{File_priv}     @tab file access on server

@item @strong{super}       @tab @code{Super_priv}    @tab server administration

@end multitable

The @strong{select}, @strong{insert}, @strong{update}, and @strong{delete}

@code{flush-privileges}, @code{flush-hosts}, @code{flush-logs}, and

@code{flush-tables}

@item @strong{shutdown}   @tab @code{shutdown}

@item @strong{process}    @tab @code{processlist}, @code{kill}

@item @strong{process}    @tab @code{processlist}

@item @strong{super}	  @tab @code{kill}

@end multitable

The @code{reload} command tells the server to re-read the grant tables.  The

The @code{shutdown} command shuts down the server.

The @code{processlist} command displays information about the threads

executing within the server.  The @code{kill} command kills server threads.

You can always display or kill your own threads, but you need the

@strong{process} privilege to display or kill threads initiated by other

users. @xref{KILL}.

executing within the server.  The @code{kill} command kills server

threads.  You can always display or kill your own threads, but you need

the @strong{PROCESS} privilege to display and @code{SUPER} privilege to

kill threads initiated by other users. @xref{KILL}.

It is a good idea in general to grant privileges only to those users who need

them, but you should exercise particular caution in granting certain

For the @code{GRANT} and @code{REVOKE} statements, @code{priv_type} may be

specified as any of the following:

@example

ALL PRIVILEGES      FILE                RELOAD

ALTER               INDEX               SELECT

CREATE              INSERT              SHUTDOWN

DELETE              PROCESS             UPDATE

DROP                REFERENCES          USAGE

@end example

@multitable @columnfractions .30 .70

@item @code{ALL [PRIVILEGES]} @tab Sets all simple privileges except @code{WITH GRANT OPTION}

@item @code{ALTER}  @tab Allows usage of @code{ALTER TABLE}

@item @code{CREATE} @tab Allows usage of @code{CREATE TABLE}

@item @code{CREATE TEMPORARY TABLE} @tab Allows usage of @code{CREATE TEMPORARY TABLE}

@item @code{DELETE} @tab Allows usage of @code{DELETE}

@item @code{DROP} @tab Allows usage of @code{DROP TABLE}.

@item @code{EXECUTE} @tab Allows the user to run stored procedures (for MySQL 5.0)

@item @code{FILE} @tab Allows usage of @code{SELECT ... INTO OUTFILE} and @code{LOAD DATA INFILE}.

@item @code{INDEX} @tab Allows usage of @code{CREATE INDEX} and @code{DROP INDEX}

@item @code{INSERT} @tab Allows usage of @code{INSERT}

@item @code{LOCK TABLES} @tab Allows usage of @code{LOCK TABLES} on tables for which on has the @code{SELECT} privilege.

@item @code{PROCESS} @tab Allows usage of @code{SHOW FULL PROCESSLIST}

@item @code{REFERENCES} @tab For the future

@item @code{RELOAD} @tab Allows usage of @code{FLUSH}

@item @code{REPLICATION CLIENT} @tab Gives the right to the user to ask where the slaves/masters are.

@item @code{REPLICATION SLAVE} @tab Needed for the replication slaves (to read binlogs from master).

@item @code{SELECT} @tab Allows usage of @code{SELECT}

@item @code{SHOW DATABASES} @tab @code{SHOW DATABASES} shows all databases.

@item @code{SHUTDOWN} @tab Allows usage of @code{mysqladmin shutdown}

@item @code{SUPER} @tab Allows one connect (once) even if max_connections is reached and execute commands @code{CHANGE MASTER}, @code{KILL thread}, @code{mysqladmin debug}, @code{PURGE MASTER LOGS} and @code{SET GLOBAL}

@item @code{UPDATE} @tab Allows usage of @code{UPDATE}

@item @code{USAGE} @tab Synonym for ``no privileges.''

@end multitable

@code{ALL} is a synonym for @code{ALL PRIVILEGES}.  @code{REFERENCES} is not

yet implemented.  @code{USAGE} is currently a synonym for ``no privileges.''

It can be used when you want to create a user that has no privileges.

@code{USAGE} can be used when you want to create a user that has no privileges.

The privileges @code{CREATE TEMPORARY TABLE}, @code{EXECUTE},

@code{LOCK TABLES}, @code{REPLICATION ...}, @code{SHOW DATABASES} and

@code{SUPER} are new for MySQL 4.0.2.  To use these, after upgrading to

4.0.2, one has to run the @code{mysql_fix_privilege_tables} script.

In older MySQL versions, the @code{PROCESS} privilege gave the same rights

as the new @code{SUPER} privilege.

To revoke the @strong{grant} privilege from a user, use a @code{priv_type}

value of @code{GRANT OPTION}:

users with different privileges may be able to join privileges!

@code{MAX_QUERIES_PER_HOUR #}, @code{MAX_UPDATES_PER_HOUR #} and

@code{MAX_CONNECTIONS_PER_HOUR #} limit the number of

queries/updates and logins the user can do during one hour. 

If @code{#} is 0 (default), then this means that there is no limitations

for the user. @xref{User resources}.

@code{MAX_CONNECTIONS_PER_HOUR #} are new in MySQL 4.0.2.  They limit

the number of queries/updates and logins the user can do during one

hour. If @code{#} is 0 (default), then this means that there is no

limitations for the user. @xref{User resources}.

You cannot grant another user a privilege you don't have yourself;

the @strong{grant} privilege allows you to give away only those privileges

@item admin

A user who can connect from @code{localhost} without a password and who is

granted the @strong{reload} and @strong{process} administrative privileges.

granted the @strong{reload} and @strong{PROCESS} administrative privileges.

This allows the user to execute the @code{mysqladmin reload},

@code{mysqladmin refresh}, and @code{mysqladmin flush-*} commands, as well as

@code{mysqladmin processlist} .  No database-related privileges are granted.

which threads are running with the @code{SHOW PROCESSLIST} command and kill

a thread with the @code{KILL thread_id} command.

If you have the @strong{process} privilege, you can see and kill all threads.

If you have the @strong{PROCESS} privilege, you can see all threads.

If you have the @code{SUPER} privilege you can kill all threads.

Otherwise, you can see and kill only your own threads.

You can also use the @code{mysqladmin processlist} and @code{mysqladmin kill}

mysql> SHOW INDEX FROM mydb.mytable;

@end example

@code{SHOW DATABASES} lists the databases on the MySQL server

host.  You can also get this list using the @code{mysqlshow} command.

@code{SHOW DATABASES} lists the databases on the MySQL server host.  You

can also get this list using the @code{mysqlshow} command.  In MySQL

4.0.2 you will only see those databases for which you have some kind of

privilege, if you don't have the global @code{SHOW DATABASES} privilege.

@code{SHOW TABLES} lists the tables in a given database.  You can also

get this list using the @code{mysqlshow db_name} command.

@item @code{skip_show_database}

This prevents people from doing @code{SHOW DATABASES} if they don't have

the @strong{process} privilege. This can improve security if you're

the @strong{PROCESS} privilege. This can improve security if you're

concerned about people being able to see what databases other users

have. See also @code{safe_show_database}.

@code{SHOW [FULL] PROCESSLIST} shows you which threads are running.  You can

also get this information using the @code{mysqladmin processlist}

command.  If you have the @strong{process} privilege, you can see all

command.  If you have the @strong{SUPER} privilege, you can see all

threads.  Otherwise, you can see only your own threads.  @xref{KILL, ,

@code{KILL}}.  If you don't use the @code{FULL} option, then only

the first 100 characters of each query will be shown.

This command is very useful if you get the 'too many connections' error

message and want to find out what's going on. MySQL reserves

one extra connection for a client with the @strong{process} privilege

one extra connection for a client with the @strong{SUPER} privilege

to ensure that you should always be able to login and check the system

(assuming you are not giving this privilege to all your users).

in the latest release.

@item

Set up special a replication user on the master with the @code{FILE}

privilege and permission to connect from all the slaves. If the user is

only doing replication (which is recommended), you don't need to grant any

additional privileges.

Set up special a replication user on the master with the @code{FILE} (in

MySQL versions older than 4.0.2) or @code{REPLICATION SLAVE} privilege

in newer MySQL versions.  You must also gived permission to connect from

all the slaves. If the user is only doing replication (which is

recommended), you don't need to grant any additional privileges.

For example, to create a user named @code{repl} which can access your

master from any host, you might use this command:

@item

Starting in Version 3.23.16, @code{SET SQL_LOG_BIN = 0} will turn off

replication (binary) logging on the master, and @code{SET SQL_LOG_BIN =

1} will turn it back on -- you must have the @strong{process} privilege to do

this.

1} will turn it back on -- you must have the @strong{SUPER} (in MySQL

4.0.2 and above) or @strong{PROCESS} (in older MySQL versions) privilege

to do this.

@item

Starting in Version 3.23.19, you can clean up stale replication leftovers when

something goes wrong and you want a clean start with @code{FLUSH MASTER}

 @tab Stops the slave thread. (Slave)

@item @code{SET SQL_LOG_BIN=0}

 @tab Disables update logging if the user has the @strong{process} privilege.

@tab Disables update logging if the user has the @strong{SUPER} privilege.

 Ignored otherwise. (Master)

@item @code{SET SQL_LOG_BIN=1}

 @tab Re-enables update logging if the user has the @strong{process} privilege.

 @tab Re-enables update logging if the user has the @strong{SUPER} privilege.

 Ignored otherwise. (Master)

@item @code{SET SQL_SLAVE_SKIP_COUNTER=n}

@item SQL_LOG_OFF = 0 | 1

If set to @code{1}, no logging will be done to the standard log for this

client, if the client has the @strong{process} privilege.  This does not

client, if the client has the @strong{SUPER} privilege.  This does not

affect the update log!

@item SQL_LOG_UPDATE = 0 | 1

If set to @code{0}, no logging will be done to the update log for the client,

if the client has the @strong{process} privilege.  This does not affect the

if the client has the @strong{SUPER} privilege.  This does not affect the

standard log!

@item SQL_QUOTE_SHOW_CREATE = 0 | 1

the first byte of the encrypted string to determine the DES key number

that was used to encrypt the original string, then reads the key

from the @code{des-key-file} to decrypt the message.  For this to work

the user must have the @strong{process} privilege.

the user must have the @strong{SUPER} privilege.

If you pass this function a @code{key_string} argument, that string

is used as the key for decrypting the message.

connection dies and the name is per connection.  This means that two different

connections can both use the same temporary table name without conflicting

with each other or with an existing table of the same name. (The existing table

is hidden until the temporary table is deleted.)

is hidden until the temporary table is deleted.).  In MySQL 4.0.2 one must

have the @code{CREATE TEMPORARY TABLE} privilege to be able to create

temporary tables.

In MySQL Version 3.23 or later, you can use the keywords

@code{IF NOT EXISTS} so that an error does not occur if the table already

thread issues another @code{LOCK TABLES}, or when the connection to the

server is closed.

To use @code{LOCK TABLES} in MySQL 4.0.2 you need the global @code{LOCK

TABLES} privilege and a @code{SELECT} privilege on the involved tables.

In MySQL 3.23 you need to have @code{SELECT}, @code{INSERT},

@code{DELETE} and @code{UPDATE} privileges for the tables.

The main reasons to use @code{LOCK TABLES} are for emulating transactions

or getting more speed when updating tables.  This is explained in more

detail later.

The default behavior is to set the isolation level for the next (not

started) transaction.  If you use the @code{GLOBAL} keyword, the statement

sets the default transaction level globally for all new connections

created from that point on.  You will need the @strong{process}

created from that point on.  You will need the @strong{SUPER}

privilege to do do this.  Using the @code{SESSION} keyword sets the

default transaction level for all future transactions performed on the

current connection.

@subsubheading Description

Instructs the server to write some debug information to the log.  The

connected user must have the @strong{process} privilege for this to work.

connected user must have the @strong{SUPER} privilege for this to work.

@subsubheading Return Values

Note that @code{mysqld} actually allows (@code{max_connections}+1)

clients to connect.  The last connection is reserved for a user with the

@strong{process} privilege.  By not giving this privilege to normal

@strong{SUPER} privilege.  By not giving this privilege to normal

users (they shouldn't need this), an administrator with this privilege

can log in and use @code{SHOW PROCESSLIST} to find out what could be

wrong. @xref{SHOW}.

@itemize @bullet

@item

Added privileges @code{CREATE TEMPORARY TABLE}, @code{LOCK TABLES},

@code{REPLICATION CLIENT}, @code{REPLICATION SLAVE}, @code{SHOW

DATABASES} and @code{SUPER}. To use these, one must run the

@code{mysql_fix_privilege_tables}.

@item

Fixed query cache align data bug.

@item

Fixed mutex bug in replication when reading from master fails.

and when using keys.

@item

You can now use @code{mysqladmin proc} to display information about your own

threads. Only users with the @strong{process} privilege can get

information about all threads.

threads. Only users with the @strong{PROCESS} privilege can get

information about all threads. (In 4.0.2 one need the @strong{SUPER} privilege for this.)

@item

Added handling of formats @code{YYMMDD}, @code{YYYYMMDD},

@code{YYMMDDHHMMSS} for numbers when using @code{DATETIME} and

#define ER_MIXING_NOT_ALLOWED 1224

#define ER_DUP_ARGUMENT 1225

#define ER_USER_LIMIT_REACHED 1226

#define ER_ERROR_MESSAGES 227

#define ER_SPECIFIC_ACCESS_DENIED_ERROR 1227

#define ER_ERROR_MESSAGES 228

if test ! -f $mdata/user.frm

then

  c_u="$c_u CREATE TABLE user ("

  c_u="$c_u   Host char(60) DEFAULT '' NOT NULL,"

  c_u="$c_u   User char(16) DEFAULT '' NOT NULL,"

  c_u="$c_u   Password char(16) DEFAULT '' NOT NULL,"

  c_u="$c_u   Host char(60) binary DEFAULT '' NOT NULL,"

  c_u="$c_u   User char(16) binary DEFAULT '' NOT NULL,"

  c_u="$c_u   Password char(16) binary DEFAULT '' NOT NULL,"

  c_u="$c_u   Select_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Insert_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Update_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   References_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Index_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Alter_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   ssl_type enum('NONE','ANY', 'X509', 'SPECIFIED') NOT NULL,"

  c_u="$c_u   ssl_cipher char(60) NULL,"

  c_u="$c_u   x509_issuer blob NULL,"

  c_u="$c_u   x509_subject blob NULL,"

  c_u="$c_u   Show_db_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Super_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Create_tmp_table_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Lock_tables_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Execute_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Repl_slave_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   Repl_client_priv enum('N','Y') DEFAULT 'N' NOT NULL,"

  c_u="$c_u   ssl_type enum('','ANY','X509', 'SPECIFIED') DEFAULT '' NOT NULL,"

  c_u="$c_u   ssl_cipher BLOB NOT NULL,"

  c_u="$c_u   x509_issuer BLOB NOT NULL,"

  c_u="$c_u   x509_subject BLOB NOT NULL,"

  c_u="$c_u   max_questions int(11) unsigned DEFAULT 0  NOT NULL,"

  c_u="$c_u   max_updates int(11) unsigned DEFAULT 0  NOT NULL,"

  c_u="$c_u   max_connections int(11) unsigned DEFAULT 0  NOT NULL,"

  c_u="$c_u   PRIMARY KEY Host (Host,User)"

  c_u="$c_u )"

  c_u="$c_u comment='Users and global privileges';"

  i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);

  INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);

  REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','none',NULL,NULL,NULL);

  INSERT INTO user VALUES ('localhost','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','none',NULL,NULL,NULL);

  INSERT INTO user VALUES ('$hostname','','','N','N','N','N','N','N','N','N','N','N','N','N','N','N','none',NULL,NULL,NULL);"

  i_u="INSERT INTO user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);

  INSERT INTO user VALUES ('$hostname','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);

  REPLACE INTO user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);

  INSERT INTO user (host,user) values ('localhost','');

  INSERT INTO user (host,user) values ('$hostname','');"

fi

if test ! -f $mdata/func.frm

1

2

select c from t1;

select command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'

SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'

select * from t2;

select command denied to user: 'mysqltest_3@localhost' for table 't2'

select mysqltest.t1.c from test.t1,mysqltest.t1;

select command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'

SELECT command denied to user: 'mysqltest_3@localhost' for column 'c' in table 't1'

show status like "Qcache_queries_in_cache";

Variable_name	Value

Qcache_queries_in_cache	6

reset master;

grant file on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';

grant file on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';

grant replication slave on *.* to replicate@localhost identified by 'aaaaaaaaaaaaaaab';

grant replication slave on *.* to replicate@127.0.0.1 identified by 'aaaaaaaaaaaaaaab';

slave start;

drop table if exists t1;

create table t1(n int);