3

On a webserver there is a MySQL-service running, providing databases for the users of the server. Each user has it's own DB and it's own password and the right so INSERT/SELECT/UPDATE/DROP tables in it's own DB, but nothing more.

However, i want to give the user the privilege to UPDATE his own password. I've read "12.4.1.3. GRANT Syntax" from the MySQL 5.1 documentation. But i didn't found a way to grant the user the privilege to change his password, without granting full UPDATE-access to the mysql.user-table.

Maybe there is also a way to synchronize the passwords in /etc/shadow along with the passwords in mysql.user, so, each time when the user changes his password in Linux, the MySQL-password is also altered.

Regards Macs

Sebastian Dressler
  • 133
  • 1
  • 4

2 Answers2

8

I don't think you need a special permission for doing that.
I just created a new user (GRANT USAGE only) and was able to change my password via:

SET PASSWORD = password('bla');
faker
  • 17,326
  • 2
  • 60
  • 69
  • Hm, one of my students tried this today, without success. I just tried it with success. I'll write him that he shall try it again. Thanks. – Sebastian Dressler Oct 08 '10 at 18:46
  • 2
    2019 update: the current syntax is `SET PASSWORD = 'bla'`. https://dev.mysql.com/doc/refman/8.0/en/set-password.html – incidentist Oct 30 '19 at 23:50
0

GRANT UPDATE will basically allow that user to update the mysql table which is a bad thing to do. i would suspect a script is needed here - if you want to sync with the linux system password too then I would suspect you need a wrapper script which takes a password, changes linux password and then updates the mysql password too - you'd need and executable but not readable permission set on this file I should think or hide it behind a web interface.

Khushil
  • 553
  • 3
  • 11