grooverdan
commented
1 year ago It comes down to that grant all gives all the database privileges but none of the global privileges which includes FILE.
A solution is that the sql files in init are processed by MARIADB_ROOT so can be used to give additional grants:
$ cat init/01.sql
GRANT FILE ON *.* TO bob@'%'And a creation script like yours in the initdb.d to create the DBF connect tables:
$ cat init/02.sh
#!/bin/sh
for f in /app/API/data/*.dbf; do
n=${f##*/}
n=${n%.dbf}
echo "create table $n engine=CONNECT table_type=DBF CHARSET=cp850 file_name=\"$f\" option_list=\"Accept=1\";"
done | mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$MARIADB_DATABASE"
According to https://github.com/MariaDB/mariadb-docker/blob/master/10.10/docker-entrypoint.sh#L362-L364 ALL privileges has been given to MARIADB_USER.
But accessing with MARIADB_USER on MARIADB_DATABASE to a CONNECT defined table will result into
#1227 - Access denied; you need (at least one of) the FILE privilege(s) for this operationas use of CONNECT engine database requires FILE privilege.Those CONNECT tables are created with a line like :
RUN ls *.dbf | sed 's/\(.*\)\.dbf/create table \1 engine=CONNECT table_type=DBF CHARSET=cp850 file_name=\"\/app\/API\/data\/&\" option_list="Accept=1";/' > api-ccam-create.sqland later will be transfered to the startup folder
RUN cp api-ccam-create.sql /docker-entrypoint-initdb.d/04-api-ccam.sqlUsing MARIADB_USER all non CONNECT table are able to be accessed other table (say InnoDB engine) but not the one using CONNECT engine. Attemps to perform GRANT FILE have all failled. Only workaround to date is to use MARIADB_ROOT user that can access both kind of tables without issues.