Gentoo Archives: gentoo-user

From: kashani <kashani-list@××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Network access to MySQL
Date: Tue, 29 Apr 2008 17:25:03
Message-Id: 481759EB.9040306@badapple.net
In Reply to: [gentoo-user] Network access to MySQL by Peter Humphrey
1 Peter Humphrey wrote:
2 > Having just installed mysql on my server, I've found that I have to set
3 > bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
4 > mysqld over the local network: leaving it at the default 127.0.0.1 causes
5 > connection requests to be rejected.
6 >
7 > Is there a more secure value for this parameter? I want to be able to
8 > connect over either of two network segments, 192.168.2.0/29 and
9 > 192.168.3.0/29, as well as locally on the server box. I've tried a compound
10 > setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the
11 > only setting I've found so far that lets me in.
12 >
13
14 I generally remove the bind setting so that Mysql listens on all IPs on
15 the box. You can then have firewall rules at your border or locally on
16 the box to control access to 3306. You can also set access on a per user
17 basis within mysql
18
19 GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO
20 'your_user'@'localhost';
21 GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO
22 'your_user'@'192.168.2.%';
23
24 and so on.
25
26 kashani
27 --
28 gentoo-user@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-user] Network access to MySQL Mick <michaelkintzios@×××××.com>