New user has all privileges in MySQL 5.6

Question

I have a problem when I create a new user in mySQL 5.6

What I want: When I create the new user, it doesn't have any privileges, and I just want to grant some select and update in a few specific columns. So he should be able to update just anything at all the DB. Sounds fair.

So, first, I create a new user:

CREATE USER 'newuser'@'%' IDENTIFIED BY 'password';

After this, I log in with my new user and when I do a show grants; command I have this:

GRANT USAGE ON *.* TO 'newuser'@'%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'

So in my theory he cant do anything in my database bacause he doesn't have any GRANT SELECT privilege.

But when I do a select in my test table he can view all columns and all results. He can update ... and do everything he wants to. It's like he have a GRANT SELECT,UPDATE,DELETE ... ON *.* TO 'newuser'@'%' but I can't revoke that because he doesn't have that.

Of course, I've tried to revoke all privileges, but I can't because he doesn't have any privileges.

I hope i'm clear. So I'm confused, any ideas?

Thanks!

Clément

Answer 1

In many default installations, all users have all privileges on tables within any database called test or beginning with test_.

From http://dev.mysql.com/doc/refman/5.6/en/default-privileges.html#idp5999952 :

By default, the mysql.db table contains rows that permit access by any user to the test database and other databases with names that start with test_. ...If you want to remove any-user access to test databases, do so as follows:

mysql> DELETE FROM mysql.db WHERE Db LIKE 'test%';
mysql> FLUSH PRIVILEGES;

Alternatively, make sure that your test table isn't in a database with such a name, and then you'll see the true behaviour.