The following portion of documentation comes from my answer to an old discussion of Keystone, a cool product that does trouble-ticket tracking for IT departments. I wrote this post to the Keystone support group regarding MySQL grant table permissions, and how to use them effectively. It is badly in need of updating, as I believe MySQL has added a field or two to the grant tables since this time, but it serves as a decent introduction and troubleshooting document for grant table issues. I used Keynote to track my troubles until I discovered Bugzilla, which gave me a whole new set of troubles to work on : ) Although it is of limited use, it still has SOME use, thus it's still included. Please note, however, that I was a relatively new user to MySQL at the time. Some of my suggestions, particularly in how to set up security, showed a terrible lack of security-related database experience.
From matt_barnson@singletrac.com Wed Jul 7 09:00:07 1999
Date: Mon, 1 Mar 1999 21:37:04 -0700
From: Matthew Barnson matt_barnson@singletrac.com
To: keystone-users@homeport.org
Subject: [keystone-users] Grant Tables FAQ
Maybe we can include this rambling message in the Keystone FAQ? It gets
asked a lot, and the only option currently listed in the FAQ is
"--skip-grant-tables".
Really, you can't go wrong by reading section 6 of the MySQL manual, at
http://www.mysql.com/Manual/manual.html. I am sure their description is
better than mine.
MySQL runs fine without permissions set up correctly if you run the mysql
daemon with the "--skip-grant-tables" option. Running this way denies
access to nobody. Unfortunately, unless you've got yourself firewalled it
also opens the potential for abuse if someone knows you're running it.
Additionally, the default permissions for MySQL allow anyone at localhost
access to the database if the database name begins with "test_" or is named
"test" (i.e. "test_keystone"). You can change the name of your database in
the keystone.conf file ($sys_dbname). This is the way I am doing it for
some of my databases, and it works fine.
The methods described below assume you're running MySQL on the same box as
your webserver, and that you don't mind if your $sys_dbuser for Keystone has
superuser access. See near the bottom of this message for a description of
what each field does.
Method #1:
1. cd /var/lib
#location where you'll want to run /usr/bin/mysql_install_db shell
script from to get it to work.
2. ln -s mysql data
# soft links the "mysql" directory to "data", which is what
mysql_install_db expects. Alternately, you can edit mysql_install_db and
change all the "./data" references to "./mysql".
3. Edit /usr/bin/mysql_install_db with your favorite text editor (vi,
emacs, jot, pico, etc.)
A) Copy the "INSERTr ancient and noble Native American tribe, but
instead derived its name from the fact that it was
"a patchy" version of the original
NCSA world-wide-web server.
A "Bug" in Bugzilla refers to an issue entered into the database which has an associated number, assignments, comments, etc. Some also refer to "tickets" or "issues"; in the context of Bugzilla, they are synonymous.
Each Bugzilla Bug is assigned a number that uniquely identifies that Bug. The Bug associated with a Bug Number can be pulled up via a query, or easily from the very front page by typing the number in the "Find" box.
A Bug has stages through which it must pass before becoming a "closed bug", including acceptance, resolution, and verification. The "Bug Life Cycle" is moderately flexible according to the needs of the organization using it, though.
Bugzilla is the industry-standard bug tracking system. It is quite popular among Open Source enthusiasts.
A Component is a subsection of a Product. It should be a narrow category, tailored to your organization. All Products must contain at least one Component (and, as a matter of fact, creating a Product with no Components will create an error in Bugzilla).
CPAN stands for the "Comprehensive Perl Archive Network". CPAN maintains a large number of extremely useful Perl modules. By themselves, Perl modules generally do nothing, but when used as part of a larger program, they provide much-needed algorithms and functionality.
A daemon is a computer program which runs in the background. In general, most daemons are started at boot time via System V init scripts, or through RC scripts on BSD-based systems. mysqld, the MySQL server, and apache, a web server, are generally run as daemons.
The word "Groups" has a very special meaning to Bugzilla. Bugzilla's main security mechanism comes by lumping users into groups, and assigning those groups certain privileges to Products and Components in the Bugzilla database.
A loop of information that never ends; see recursion.
mysqld is the name of the daemon for the MySQL database. In general, it is invoked automatically through the use of the System V init scripts on GNU/Linux and AT&T System V-based systems, such as Solaris and HP/UX, or through the RC scripts on BSD-based systems.
A Product is a broad category of types of bugs. In general, there are several Components to a Product. A Product also defines a default Group (used for Bug Security) for all bugs entered into components beneath it.
Example 1. A Sample Product
A company sells a software product called "X". They also maintain some older software called "Y", and have a secret project "Z". An effective use of Products might be to create Products "X", "Y", "Z", each with Components of User Interface, Database, and Business Logic. They might also change group permissions so that only those people who are members of Group "Z" can see components and bugs under Product "Z".
First written by Larry Wall, Perl is a remarkable programming language. It has the benefits of the flexibility of an interpreted scripting language (such as shell script), combined with the speed and power of a compiled language, such as C. Bugzilla is maintained in Perl.
"QA", "Q/A", and "Q.A." are short for "Quality Assurance". In most large software development organizations, there is a team devoted to ensuring the product meets minimum standards before shipping. This team will also generally want to track the progress of bugs over their life cycle, thus the need for the "QA Contact" field in a Bug.
The property of a function looking back at itself for something. "GNU", for instance, stands for "GNU's Not UNIX", thus recursing upon itself for definition. For further clarity, see Infinite Loop.
SGML stands for "Standard Generalized Markup Language". Created in the 1980's to provide an extensible means to maintain documentation based upon content instead of presentation, SGML has withstood the test of time as a robust, powerful language. XML is the "baby brother" of SGML; any valid XML document is, by definition, a valid SGML document. The document you are reading is written and maintained in SGML, and is also valid XML if you modify the Document Type Definition.
Target Milestones are Product goals. They are configurable on a per-Product basis. Most software development houses have a concept of "milestones" where the people funding a project expect certain functionality on certain dates. Bugzilla facilitates meeting these milestones by giving you the ability to declare by which milestone a bug will be fixed, or an enhancement will be implemented.
This is the cryptic response sent by Bugzilla when a query returned no results. It is just a goofy way of saying "Zero Bugs Found".