Red Hat Bugzilla – Bug 434794
CREATE DATABASE permission bug
Last modified: 2013-07-02 23:17:32 EDT
Description of problem: CREATE DATABASE permission bug : a normal mysql user with no CREATE DATABASE permission still can create a database with a name beginning with 'test_' Version-Release number of selected component (if applicable): mysql 5.0.22 How reproducible: Steps to Reproduce: 1. create a mysql user, with no particular permission 2. log in with it then try : mysql> create database test_toto; Query OK, 1 row affected (0.00 sec) mysql> create database testtoto; ERROR 1044 (42000): Access denied for user 'cm07lp_03'@'localhost' to database 'testtoto' mysql> create database toto; ERROR 1044 (42000): Access denied for user 'cm07lp_03'@'localhost' to database 'toto' Trial 2 and 3 are OK : permission is rejected. Trial 1 is buggy : permission SHOULD BE rejected. Additional info: There are a lot of other bugs fixed in the upstream 5.0.x since 5.0.22. Please upgrade to the newest upstream version.
This is not a bug, but intentional (if poorly documented) behavior on upstream's part. Look into /usr/share/mysql/mysql_system_tables_data.sql. If you don't like it you can remove the test\_% entry from mysql.db.
Many thanks for your explanation. I finally found a reference in the Mysql Bugs DB : http://bugs.mysql.com/bug.php?id=12638 And in the documentation : http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html (not very well stressed !) The most confusing thing is that the rule allows the CREATION of these test_% database. I think the distros versions should at least turn the Create-priv field to 'N'.