From 392a4dd68af1d02f6472a8c21583f78bf83fe7b4 Mon Sep 17 00:00:00 2001 From: Oliver Salzburg Date: Mon, 1 Jul 2019 19:55:33 +0200 Subject: [PATCH] Use specific privileges when creating admin Using the ALL shorthand can cause problems when not all privileges are available to the user. For example, AWS RDS MariaDB/MySQL will not grant the initial user account on an instance the SUPER privilege. While the user account is still valid for pretty much any task on the DB instance, it can not use the ALL shorthand when granting privileges to new users. By supplying a specific set of privileges, we work around this limitation without sacrificing functionality. Closes #16139 Signed-off-by: Oliver Salzburg --- lib/private/Setup/MySQL.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php index dd215f96cb..eb4fedefd4 100644 --- a/lib/private/Setup/MySQL.php +++ b/lib/private/Setup/MySQL.php @@ -79,7 +79,7 @@ class MySQL extends AbstractDatabase { try { //this query will fail if there aren't the right permissions, ignore the error - $query="GRANT ALL PRIVILEGES ON `$name` . * TO '$user'"; + $query="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `$name` . * TO '$user'"; $connection->executeUpdate($query); } catch (\Exception $ex) { $this->logger->logException($ex, [