mysql: revoke permissions when dropping database
[hcoop/domtool2.git] / src / plugins / domtool-mysql
index cf75d1a..4e549e6 100755 (executable)
@@ -21,10 +21,7 @@ case $1 in
                USERNAME=$2
                DBNAME_BASE=$3
                DBNAME="${USERNAME}_${DBNAME_BASE}"
-               DIR=/afs/hcoop.net/common/databases/${USERNAME:0:1}/${USERNAME:0:2}/$USERNAME/mysql
-
-               kinit -k -t /etc/keytabs/root.admin.keytab root/admin
-               aklog
+               DIR=/srv/databases/${USERNAME:0:1}/${USERNAME:0:2}/$USERNAME/mysql
 
                if [ ! -d $DIR ]; then
                        echo WARNING: $DIR must already exist!
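Review bot: The new `DIR` on the added line is assembled from `$USERNAME` and then used unquoted in the following `[ ! -d $DIR ]` test (and, further down, in chown, chmod and ln), so a value containing `/`, `..` or whitespace would point those operations outside `/srv/databases` unless the caller already rejects such names, which is not visible here. Quote the uses, `DIR="/srv/databases/${USERNAME:0:1}/${USERNAME:0:2}/${USERNAME}/mysql"` and `if [ ! -d "$DIR" ]; then`, and reject path characters before building the path with `case $USERNAME in ''|*[/.]*) echo "bad username: $USERNAME" >&2; exit 1;; esac`. Dropping kinit/aklog is consistent with leaving AFS, so no objection there. This case arm starts before the hunk and its if-block continues past it.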
@@ -34,8 +31,8 @@ case $1 in
                chown mysql:mysql $DIR/$DBNAME
                chmod 770 $DIR/$DBNAME
                ln -sf $DIR/$DBNAME /var/lib/mysql/$DBNAME
-               fs setacl -dir $DIR/$DBNAME/ -acl system:mysql all
-               sudo -H mysql -e "GRANT CREATE,CREATE TEMPORARY TABLE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME
+               chmod g+rw -R $DIR/$DBNAME/
+               sudo -H mysql -e "GRANT ALL ON TABLE * TO '$USERNAME'@$WHERE WITH GRANT OPTION;" $DBNAME
 
                sudo -H mysql -e "FLUSH PRIVILEGES;"
        ;;
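Review bot: The new GRANT on the last added line widens the account from the explicit privilege list the removed line carried to ALL at database level, which additionally includes DROP, CREATE ROUTINE, ALTER ROUTINE, EXECUTE, TRIGGER, EVENT and REFERENCES, so a commit titled as a revoke also hands out more than before. If that is intended, record it above the line with `# ALL at db level: owner can also create routines/triggers/events and drop the database`; otherwise keep the allowlist and append `WITH GRANT OPTION` to it. The `chmod g+rw -R` that replaces the AFS ACL sets no group execute bit, so any directory that later appears below the database directory would not be searchable by the group; `chmod -R g+rwX` is the usual form if that matters for this layout. This case arm starts before the hunk.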
@@ -45,7 +42,10 @@ case $1 in
                DBNAME_BASE=$3
                DBNAME="${USERNAME}_${DBNAME_BASE}"
 
+               sudo -H mysql -e "REVOKE ALL ON TABLE * FROM '$USERNAME'@$WHERE;" $DBNAME
+               sudo -H mysql -e "REVOKE GRANT OPTION ON TABLE * FROM '$USERNAME'@$WHERE;" $DBNAME
                sudo -H mysql -e "DROP DATABASE $DBNAME;"
+
        ;;
 
        grant)
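Review bot: The two added REVOKEs strip only the owner account's own database-level privileges, but the create and grant arms of this script give that account WITH GRANT OPTION, so any other accounts the owner has granted on this database keep their privilege rows after DROP DATABASE and silently regain access if a database of the same name is created later (MySQL does not remove privileges with the database, which is presumably why the REVOKE is being added at all). One way to cover every grantee is to delete all privilege rows scoped to the database and flush, as sketched below; confirm the grant-table names against the server version in use. `$DBNAME` is also spliced into `DROP DATABASE` as raw text, so unless the caller already restricts `$3` to identifier characters it should be wrapped in backticks or validated first. This case arm starts before the hunk.
```shell
                # Remove every privilege row scoped to this database, not only the owner's:
                # the owner holds GRANT OPTION and may have granted other accounts, and
                # DROP DATABASE leaves such rows behind for a future database of the same name.
                sudo -H mysql -e "DELETE FROM mysql.db WHERE Db='$DBNAME';
                                  DELETE FROM mysql.tables_priv WHERE Db='$DBNAME';
                                  DELETE FROM mysql.columns_priv WHERE Db='$DBNAME';
                                  DELETE FROM mysql.procs_priv WHERE Db='$DBNAME';
                                  FLUSH PRIVILEGES;"
                sudo -H mysql -e "DROP DATABASE $DBNAME;"
```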
@@ -53,7 +53,7 @@ case $1 in
                DBNAME_BASE=$3
                DBNAME="${USERNAME}_${DBNAME_BASE}"
 
-               sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME
+               sudo -H mysql -e "GRANT ALL ON TABLE * TO '$USERNAME'@$WHERE WITH GRANT OPTION;" $DBNAME
        ;;
 
        *)
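Review bot: `$USERNAME` and `$WHERE` are spliced into the new GRANT statement as raw text while the client runs under `sudo -H`, so unless the domtool caller guarantees `$2` is already limited to identifier characters, a single quote in it would end the `'$USERNAME'` literal and let the remainder execute as SQL with administrative rights. A guard near the top of the script, `case $USERNAME in ''|*[!A-Za-z0-9_]*) echo "bad username: $USERNAME" >&2; exit 1;; esac`, closes that off for every arm at once; where `$WHERE` is defined is outside this hunk, so it may need the same treatment. The arm also moves from a fixed privilege list to ALL WITH GRANT OPTION, and since the removed list differed from the create arm's (no CREATE TEMPORARY TABLE), unifying the two is reasonable, but a one-line comment noting that the set is now everything at database level would help the next reader. This case arm starts before the hunk.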