From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sat, 6 Nov 2021 19:29:31 +0000 (-0400)
Subject: mysql: revoke permissions when dropping database
X-Git-Tag: release_20211106-1
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain?ds=sidebyside

mysql: revoke permissions when dropping database

Grants are not automatically deleted. Also have to explicitly revoke
grant option or a "USAGE WITH GRANT OPTION" grant is left behind.
---

diff --git a/src/plugins/domtool-mysql b/src/plugins/domtool-mysql
index 0d1710e..4e549e6 100755
--- a/src/plugins/domtool-mysql
+++ b/src/plugins/domtool-mysql
@@ -42,7 +42,10 @@ case $1 in
 		DBNAME_BASE=$3
 		DBNAME="${USERNAME}_${DBNAME_BASE}"
 
+		sudo -H mysql -e "REVOKE ALL ON TABLE * FROM '$USERNAME'@$WHERE;" $DBNAME
+		sudo -H mysql -e "REVOKE GRANT OPTION ON TABLE * FROM '$USERNAME'@$WHERE;" $DBNAME
 		sudo -H mysql -e "DROP DATABASE $DBNAME;"
+
 	;;
 
 	grant)