matrixorigin / matrixone

Hyperconverged cloud-edge native database
https://docs.matrixorigin.cn/en
Apache License 2.0

[Bug]: cannot alter other user's password even `ALTER USER` priv is granted #15492

Closed aylei closed 3 weeks ago

aylei commented 7 months ago

Is there an existing issue for the same bug?

Branch Name

main, 1.1-dev

Commit ID

any

Other Environment Information

No response

Actual Behavior

```
mysql> create user test4 identified by '111';
Query OK, 0 rows affected (0.03 sec)

mysql> alter user test4 identified by '222';
ERROR 20101 (HY000): internal error: Operation ALTER USER failed for 'test4'@'%', don't have the privilege to alter
```

Expected Behavior

alter user test4 identified by '222'; should succeed

Steps to Reproduce

Run SQL as above.

Additional information

@LiSong0214 There is a special case: if a user in an account is granted the ALTER USER permission, can the user alter the password of accountadmin (especially "dump" and "root" and the sys account)?

heni02 commented 3 weeks ago

Confirmed, closed. Commit: 0a3d52f3f9b4c740744f8567e689fed784feffe5

```
heni@henideMacBook-Pro matrixone % mysql -h 127.0.0.1 -udump -P6001 -p111
mysql> create user test4 identified by '111';
Query OK, 0 rows affected (0.04 sec)

mysql> alter user test4 identified by '222';
Query OK, 0 rows affected (0.03 sec)

mysql> exit
Bye
heni@henideMacBook-Pro matrixone % mysql -h 127.0.0.1 -usys:test4 -P6001 -p222
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 8.0.30-MatrixOne-v03523 MatrixOne

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
```