Monday, August 3, 2009

Create user in mysql


The mysql user information is kept inside USER table under mysql database. So creation of new user will affect the USER table of mysql database. In order to know a list of mysql users according with user table's description issue,

Here test is the root account password.
mysql -u root -ptest
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;
Database changed

mysql> desc user;
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Host | char(60) | NO | PRI | | |
| User | char(16) | NO | PRI | | |
| Password | char(41) | NO | | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
| ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
| ssl_cipher | blob | NO | | NULL | |
| x509_issuer | blob | NO | | NULL | |
| x509_subject | blob | NO | | NULL | |
| max_questions | int(11) unsigned | NO | | 0 | |
| max_updates | int(11) unsigned | NO | | 0 | |
| max_connections | int(11) unsigned | NO | | 0 | |
| max_user_connections | int(11) unsigned | NO | | 0 | |
+-----------------------+-----------------------------------+------+-----+---------+-------+
39 rows in set (0.14 sec)


mysql> select host, user from user;
+-----------+---------+
| host | user |
+-----------+---------+
| % | magento |
| 127.0.0.1 | root |
| localhost | |
| localhost | magento |
| localhost | pma |
| localhost | root |
+-----------+---------+
6 rows in set (0.00 sec)

By query the Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv etc you can check whether user has certain types of privilege or not.

There are several ways to create user in mysql which is described below.

Way 01: With the CREATE USER statement
1)Connect to mysql database as a user who must have the global CREATE USER privilege or the INSERT privilege for the mysql database. You can use root because by default root has privilege to create user.

2)In fact CREATE USER statement creates a new record in the mysql.user table that has no privileges assigned by default.

mysql> create user arju;
Query OK, 0 rows affected (0.13 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+----------+------+-------------+-------------+
| user | password | host | select_priv | insert_priv |
+------+----------+------+-------------+-------------+
| arju | | % | N | N |
+------+----------+------+-------------+-------------+
1 row in set (0.00 sec)

Notice that if you specify only the user name part of the account name while creating user, a host name part of '%' is used.

User arju is not assigned any password in this way as you see password is null. To assign password to user arju issue,

mysql> set password for 'arju'=password('test');
Query OK, 0 rows affected (0.03 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+-------------------------------------------+------+-------------+-------------+
| user | password | host | select_priv | insert_priv |
+------+-------------------------------------------+------+-------------+-------------+
| arju | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | % | N | N |
+------+-------------------------------------------+------+-------------+-------------+
1 row in set (0.00 sec)

In one command you can set password while creating user. The following command will crate a user arju2 and password is test in the host localhost. Both password, username and hostname should be within single quote.

mysql> create user 'arju2'@'localhost' identified by 'test';
Query OK, 0 rows affected (0.00 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju2';
+-------+-------------------------------------------+-----------+-------------+-------------+
| user | password | host | select_priv | insert_priv |
+-------+-------------------------------------------+-----------+-------------+-------------+
| arju2 | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | localhost | N | N |
+-------+-------------------------------------------+-----------+-------------+-------------+
1 row in set (0.00 sec)

If you don't put username, host name and password within single quote syntax error will be resulted.

mysql> create user 'arju2'@'localhost' identified by test;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test' at line 1

An equivalent statement of setting password is issuing update statement.

mysql> UPDATE mysql.user SET Password=PASSWORD('test')
-> WHERE User='arju' AND Host='%';

Query OK, 0 rows affected (0.05 sec)
Rows matched: 1 Changed: 0 Warnings: 0

Changing via update and insert of the user table, it is necessary to use FLUSH PRIVILEGES to tell the server to reload the grant tables. Otherwise, the changes go unnoticed until you restart the server.

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.08 sec)

mysql> select user,password, host, select_priv, insert_priv from mysql.user where user='arju';
+------+-------------------------------------------+------+-------------+-------------+
| user | password | host | select_priv | insert_priv |
+------+-------------------------------------------+------+-------------+-------------+
| arju | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 | % | N | N |
+------+-------------------------------------------+------+-------------+-------------+
1 row in set (0.00 sec)

Now, have a look that connecting to mysql database as user arju will fail but arju2 will be successful.
D:\xampp\mysql\bin>mysql -u arju -ptest
ERROR 1045 (28000): Access denied for user 'arju'@'localhost' (using password: YES)

D:\xampp\mysql\bin>mysql -u arju2 -ptest
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select user();
+-----------------+
| user() |
+-----------------+
| arju2@localhost |
+-----------------+
1 row in set (0.00 sec)

Note that the 'arju'@'localhost' account can be used only when connecting from the local host. The 'arju'@'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.

You can check the privilege assigned for a user by issuing,

mysql> show grants for arju;
+-----------------------------------------------------------------------------------------------------+
| Grants for arju@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'arju'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+-----------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> show grants for arju2;
ERROR 1141 (42000): There is no such grant defined for user 'arju2' on host '%'
mysql> show grants for arju2@localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for arju2@localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'arju2'@'localhost' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

By default it is search for host '%'.

Way 02: With the grant option
To create a user named momin with password test2 and all privileges for a particular database called ecommerce issue,
mysql> grant ALL PRIVILEGES on ecommerce.* to 'momin'@'localhost' identified by 'test2';
Query OK, 0 rows affected (0.00 sec)

mysql> use mysql;
Database changed

mysql> select host, user from user where user='momin';
+-----------+-------+
| host | user |
+-----------+-------+
| localhost | momin |
+-----------+-------+
1 row in set (0.00 sec)

D:\xampp\mysql\bin>mysql -u momin -ptest2
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 32
Server version: 5.1.30-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ecommerce |
| test |
+--------------------+
3 rows in set (0.00 sec)

Here ecommerce database is shown as we have given permission.

Way 03: Using INSERT statement into Table mysql.user
You can also create user in mysql by simply INSERT a new row into mysql.user table. Note that creating user through INSERT statement needs to use FLUSH PRIVILEGES to tell the server to reload the grant tables. If we don't do that the changes go unnoticed until you restart the server. This restriction is not applicable in CREATE USER statement.
Insert statement can be issued in two ways. One way to create user robert,

mysql> use mysql;
Database changed

mysql> INSERT INTO user SET Host='localhost',User='robert', Password=password('test');
Query OK, 1 row affected, 3 warnings (0.00 sec)

Alternative way of creating user richard is,

mysql> INSERT INTO user (Host,User,Password)
-> VALUES('localhost','richard',password('test'));

Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

Check by,

mysql> select user, host, password from user where user in('robert','richard');
+---------+-----------+-------------------------------------------+
| user | host | password |
+---------+-----------+-------------------------------------------+
| robert | localhost | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
| richard | localhost | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
+---------+-----------+-------------------------------------------+
2 rows in set (0.01 sec)

See that while setting password we used the PASSWORD() function with INSERT in order to encrypt the password. But with the CREATE USER statement it was unnecessary as create user statement automatically encrypts the password.

How to Fix Cpanel/WHM quota

To Fix Common reasons for quota problems

Run the following command as root user.

/scripts/fixquotas

Try finding other files owned by the user.

find -user username > /tmp/username.txt

This will list all files owned by this user that could be affecting the quota reported by Cpanel.

Cpanel/WHM sometimes has problems with the user quota files causing all users accounts to have unlimited disk space available or 0 megs of disk space in use.

*To enable user quota support on a file system, add "usrquota" to the fourth field containing the word "defaults".

If you need both user quota and group quota support on a file system?, then edit /etc/fstab

...
/dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1

touch /partition/aquota.user

chmod 600 /partition/aquota.user

Re-boot or re-mount file partition with quotas.

From the Linux Man Pages:

quotacheck - scan a filesystem for disk usage, create, check and repair quota files.

quotacheck -vgum /partition
or
quotacheck -vguma

-v, --verbose
quotacheck reports its operation as it progresses. Normally it operates silently. If the option is specified twice, also the current directory is printed (note that printing can slow down the scan measurably).

-u, --user
Only user quotas listed in /etc/mtab or on the filesystems specified are to be checked. This is the default action.

-g, --group
Only group quotas listed in /etc/mtab or on the filesystems specified are to be checked.

-m, --no-remount
Don't try to remount filesystem read-only. See comment with option -M.

-a, --all
Check all mounted non-NFS filesystems in /etc/mtab

NOTE
quotacheck should only be run by super-user. Non-privileged users are presumably not allowed to read all the directories on the given filesystem.

FILES

aquota.user or aquota.group : located at filesystem root with quotas (version 2 quota, non-XFS filesystems)

quota.user or quota.group :located at filesystem root with quotas (version 1 quota, non-XFS filesystems)
/etc/mtab names and locations of mounted filesystems


Example Steps for /home partition:

1. First check whether quota is enabled for /home partition.

# vi /etc/fstab

LABEL=/home /home ext3 defaults,usrquota 1 2

2. Remount the /home partition

# mount -o remount /home

3. Create a file called aquota.user for which we need to run quotacheck.

# quotacheck -c /home

4. Enable quota

# quotaon /home

This will enable quota on /home. Now you can edit the quota of a user using.

# edquota

5) Run /scripts/fixquotas this will solve the quota issue of cpanel accounts.

# /scripts/fixquotas

6) After this `repquota -a` should print out the soft/hard limits with grace periods for all users. If quotas are still not reporting anything in WHM and/or CPanel, check

# repquota -a

7) /var/cpanel/cpanel.config for disablequotacache=0

If that is set to 0, try setting it to 1 and see if that fixes it.

# vi /var/cpanel/cpanel.config ; /scripts/fixquotas

8) If a user’s quota shows more space being used than is in their home directory chances are there are stray files on the system owned by their UID. To find these files, run the following as root:

#
find -user username > /tmp/username.txt

Hope this helps.