Skip to content

Fixing #42, allows operation with less privileged user#43

Open
clayrosenthal wants to merge 2 commits into
smallstep:masterfrom
clayrosenthal:master
Open

Fixing #42, allows operation with less privileged user#43
clayrosenthal wants to merge 2 commits into
smallstep:masterfrom
clayrosenthal:master

Conversation

@clayrosenthal

Copy link
Copy Markdown

Name of feature:

Database/table check before creation

Pain or issue this feature alleviates:

Allowing operation with less privileged mysql user

Why is this important to the project (if not answered above):

Is there documentation on how to use this feature? If so, where?

Ideally no workflow change, just slightly extra queries being run

In what environments or workflows is this feature supported?

In what environments or workflows is this feature explicitly NOT supported (if any)?

Supporting links/other PRs/issues:

Fixes #42

💔Thank you!

clayrosenthal and others added 2 commits May 31, 2023 19:18
not tested, just drafting concept for now
@CLAassistant

CLAassistant commented Jun 2, 2023

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions Bot added the needs triage Waiting for discussion / prioritization by team label Jun 2, 2023
@dopey

dopey commented Aug 3, 2023

Copy link
Copy Markdown
Contributor

Hey @clayrosenthal 👋 , thanks for posting a PR and sorry for the delay.

So, is the purpose of the checks just to provide a more accurate error message?

@clayrosenthal

clayrosenthal commented Aug 3, 2023

Copy link
Copy Markdown
Author

Hey @dopey, the purpose would be having multiple servers serving from one database, with only one having permissions to create and destroy tables. A side effect would be more descriptive error messages.

Similar to how running step-ca with a separate less privileged user of the actual server, I'd like to have a less privileged user accessing the database after it's been setup to reduce attack vectors while having high availability

@dopey

dopey commented Aug 3, 2023

Copy link
Copy Markdown
Contributor

Ok, I think I'm following. Basically Create Table If Not Exists will fail if it is underprivileged even if the table already exists. Is that right?

@dopey

dopey commented Aug 3, 2023

Copy link
Copy Markdown
Contributor

This PR is failing the tests due to the backticks in the SHOW queries. Not sure what to do since we added those so that the queries would accept databases and tables with names that needed to be escaped.

@dopey

dopey commented Aug 3, 2023

Copy link
Copy Markdown
Contributor

I created this PR - #46 - based off yours with a few small fixes and additions. Still has the same issue with the query not working due to bad syntax.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs triage Waiting for discussion / prioritization by team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Ability to run as less privileged user

3 participants