DA Minumum Privileges Required

srelliott

srelliott

Verified User
Joined
Apr 6, 2005
Messages
44
Hello,

Thank you in advance for taking the time to read this and answering my question.

I would like to know which global privileges are required in order for DA to work properly.

I would assume it doesn't need things like GRANT or SUPER, but I do know it needs RELOAD.


--
Shannon
 
DirectAdmin requires root or root equivalent to install and run.

Grant, Super, and reload sound like MySQL terms, are you sure that's not what your asking about?
 
jmstacey,

You are correct. I neglected to put it in context, my apologies. What are the minimum global privileges needed in the mysql database for the user da_admin.

I've included this handy-dandy list as a reminder of what privileges are available:

----
Data
----

DELETE
FILE
INSERT
SELECT
UPDATE

---------
Structure
---------

ALTER
CREATE
INDEX
DROP
CREATE TEMPORARY TABLES

-----
Admin
-----

EXECUTE
GRANT
LOCK TABLES
PROCESS
RELOAD
SHUTDOWN
SHOW DATABASES
SUPER
REFERENCES
REPLICATION CLIENT
REPLICATION SLAVE
 
On that I'm not exactly sure. All DirectAdmin appears to do in the MySQL management area is, create databases and users aswell as delete them, and ability to modify user privileges.

So for example, you problaby wouldn't need any of the replication abilities depending on your setup or any of the data and structure commands, however I'm not sure if those are needed to create the users in the MySQL table

I wouldn't/aren't to worried about it since da_admin has the same privileges as root, since it's only used by DirectAdmin. So it's not a major security risk. Of couse anything is possible, but that would be the leak would have to come from DirectAdmin.
 
Thanks for the response.

I'm running with Data and Structure enabled and Admin turned off. So far things seem to be working.
 
Hello,

The commands used by da_admin:

GRANT
REVOKE
SELECT
FLUSH PRIVILEGES (goes with RELOAD as you mentioned above)
SHOW TABLE STATUS FROM dbname
CREATE DATABASE dbname
DROP DATABASE dbname
UPDATE
INSERT

Also uses the mysql_list_dbs().

da_admin is also required for dumping databases with "mysqldump" (restores are done as the user).

The above commands are run mostly on the mysql database, so it needs to be able to edit the "db" and "user" tables mostly.

John
 
Thank you John, I know what a pain it can be to go back and look at code to figure something like that out.

--
Shannon
 
You must log in or register to reply here.
Back
Top