Maatkit tools for database administrators

Order into Chaos

Displaying and Transferring Privileges

Staff and interns come and go, applications are retried, and you can soon forget former staff and their database access privileges. Some users don't immediately forget their passwords after leaving an organization, which can lead to a security risk. In another scenario, you might want to transfer the rights for one DBMS to another. The mk-show-grants tool lets you query the privileges you have granted in just a couple of seconds.

The results of the query are a list of SQL instructions, just like with many other Maatkit tools. In the case of more extensive DBMSs, you can send the output to a comma-separated list, restrict the list to privileges for specific users (--only), or exclude users from the evaluation process (--ignore). The --revoke switch generates REVOKE instructions to match the GRANT instructions that it discovers (Figure 7)

Figure 7: The mk-show-grants command not only shows who has privileges for the DBMS but also gives you the SQL instructions to revoke them, if needed.

Conclusions

The tools I looked at in this article represent just a tiny subset of the Maatkit suite. For more information, you can browse Maatkit's documentation. All of the tools are based on production needs, have been tested multiple times, and can save administrators a huge amount of work.

Infos

Maatkit http://www.maatkit.org
MySQL: http://www.mysql.com
PostgreSQL: http://www.postgresql.org
"Memcached" by Tim Schürmann, Linux Magazine , November 2009, pg. 28, http://www.linux-magazine.com/Issues/2009/108/Memcached
"MySQL Forks und Patches" by Caspar Clemens Mierau, Admin Network & Security , Issue 01, pg. 20

The Author

Falko Benthin is a student of medical informatics at HTW Berlin and a member of various NGOs. In his free time, he loves reading and blogging on ebook readers and other topics on http://www.e-leseratte.de.

« Previous 1 2 3