Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"need all privileges" error message is difficult to investigate #280

Open
mrigger opened this issue May 6, 2021 · 0 comments
Open

"need all privileges" error message is difficult to investigate #280

mrigger opened this issue May 6, 2021 · 0 comments

Comments

@mrigger
Copy link

mrigger commented May 6, 2021

I wanted to start experimenting with SOAR, and started by connecting it to a MySQL database after creating a new user:

CREATE USER 'soar'@'localhost' IDENTIFIED BY 'soar';
GRANT ALL PRIVILEGES ON *.* TO 'soar'@'localhost';
FLUSH PRIVILEGES;

I then issued the following command:

echo "select * FROM t0;" | ./soar -test-dsn="soar:[email protected]:3306/test" -allow-online-as-test  -check-config
test-dsn: soar:password@tcp(127.0.0.1:3306)/test?charset=utf8, need all privileges

I didn't really know how to proceed from there, since the "need all privileges" information message did not help me much. I eventually found a useful hint by adjusting the log level ( -log-level 7) and noticing the following log entry:

2021/05/06 21:23:21.466 [D] [mysql.go:92]  Execute SQL with DSN(127.0.0.1:3306/test) : select concat(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv,Create_role_priv,Drop_role_priv) from mysql.user where user='soar' and host='localhost'

As indicated by the output below, the Grant_priv was missing. I could address this by setting the privileges with GRANT ALL PRIVILEGES ON *.* TO 'soar'@'localhost' WITH GRANT OPTION;, after which connecting to the database worked.

+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| concat(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| YYYYYYYYYYNYYYYYYYYYYYYYYYYYYYY                                                                                                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)

Perhaps, if the connection fails, the output from the query above could be parsed and used to create an informative error message? I think this could greatly help other users that want to test SOAR and don't use the WITH GRANT option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant