Topic on Project:Support desk

I'd like to grant the minimum necessary privileges for an existing wiki being moved to a new server. Which is best of the following?

• Manual:Installing_MediaWiki#Create_a_database: GRANT ALL
• Manual:Running_MediaWiki_on_Debian_or_Ubuntu#Get_latest_MediaWiki: GRANT ALL
• Manual:Restoring_a_wiki_from_backup#Re-create_the_database,_user_and_permissions: GRANT SELECT, UPDATE, INSERT, DELETE, ALTER, CREATE, INDEX, DROP, LOCK TABLES, USAGE
• Manual:Config_script#Using_the_config_script: "If you have superuser account of DB Server and will be using it on this form page then simply fill the db username that you would like to be created for your wiki. Otherwise, create the db user and ensure that the user has SELECT, INSERT, UPDATE, and DELETE permissions on the MediaWiki database. For installation the user must also have CREATE and INDEX permissions. It is strongly suggested that you do not use a superuser account since the user password is stored in plain text."

Thanks.

for normal use (not update.php) i would reccomend SELECT, INSERT, UPDATE, LOCK TABLES and DELETE. Pay attention to exceptions in case any errors happen.

Update.php needs much more rights.

Thanks. Would you change the database user's privileges before and after running update.php each time? Or is it possible to use a separate user for that script?

What do you do in practice? I'm tempted to leave it at GRANT ALL PRIVILEGES and trust in other things to keep the database secure...

See Manual:$wgDBadminuser

I think most people just do whatever the installer does. Big sites like wikipedia are a bit moe careful i think.

The big thing is you want to make sure that you dont have rights like "super" or "file", as they can be used to turn an sql injection vulnerability into a full server take over vulnerability (given how many things in db use php serialixation, that's probably a little moot, but still, don't want to make things easy)

Thanks for these replies. In the medium term I will use $wgDBadminuser (or --dbuser and --dbpass on the command line). In the short term I will leave $wgDBuser with ALL privileges. The biggest risk is probably me messing this up and I don't have time now to ensure I get it right :-)

Adding a note here for myself that ALL includes everything but GRANT (i.e. it includes SUPER and FILE). I wonder whether given this fact, the standard instructions shouldn't advise to GRANT ALL.