8.8. mysqlaccess — Client for Checking Access Privileges

mysqlaccess is a diagnostic tool that Yves Carlier has provided for the MySQL distribution. It checks the access privileges for a hostname, username, and database combination. Note that mysqlaccess checks access using only the user, db, and host tables. It does not check table, column, or routine privileges specified in the tables_priv, columns_priv, or procs_priv tables.

Invoke mysqlaccess like this:

shell> mysqlaccess [host_name [user_name [db_name]]] [options]

mysqlaccess understands the following options:

--help, -?
Display a help message and exit.
--brief, -b
Generate reports in single-line tabular format.
--commit
Copy the new access privileges from the temporary tables to the original grant tables. The grant tables must be flushed for the new privileges to take effect. (For example, execute a mysqladmin reload command.)
--copy
Reload the temporary grant tables from original ones.
--db=db_name, -d db_name
Specify the database name.
--debug=N
Specify the debug level. N can be an integer from 0 to 3.
--host=host_name, -h host_name
The hostname to use in the access privileges.
--howto
Display some examples that show how to use mysqlaccess.
--old_server
Assume that the server is an old MySQL server (before MySQL 3.21) that does not yet know how to handle full WHERE clauses.
--password[=password], -p[password]
The password to use when connecting to the server. If you omit the password value following the --password or -p option on the command line, you are prompted for one.
Specifying a password on the command line should be considered insecure. See Section 5.9.6, “Keeping Your Password Secure”.
--plan
Display suggestions and ideas for future releases.
--preview
Show the privilege differences after making changes to the temporary grant tables.
--relnotes
Display the release notes.
--rhost=host_name, -H host_name
Connect to the MySQL server on the given host.
--rollback
Undo the most recent changes to the temporary grant tables.
--spassword[=password], -P[password]
The password to use when connecting to the server as the superuser. If you omit the password value following the --password or -p option on the command line, you are prompted for one.
Specifying a password on the command line should be considered insecure. See Section 5.9.6, “Keeping Your Password Secure”.
--superuser=user_name, -U user_name
Specify the username for connecting as the superuser.
--table, -t
Generate reports in table format.
--user=user_name, -u user_name
The username to use in the access privileges.
--version, -v
Display version information and exit.

If your MySQL distribution is installed in some non-standard location, you must change the location where mysqlaccess expects to find the mysql client. Edit the mysqlaccess script at approximately line 18. Search for a line that looks like this:

$MYSQL     = '/usr/local/bin/mysql';    # path to mysql executable

Change the path to reflect the location where mysql actually is stored on your system. If you do not do this, a Broken pipe error will occur when you run mysqlaccess.