LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page [SOLVED] can not grant access to mysql for remote users
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 05-30-2011, 01:03 AM   #1
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Rep: Reputation: 18
can not grant access to mysql for remote users

hello
I want to grant access to mysql for remote users I do this sort of things:
Quote:
1) GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*95013D13C503AF2768B878CC80E4B967037CB83C' WITH GRANT OPTION;
2) commenting bind-address in my.cnf
3) touch /etc/apparmor.d/disable/usr.sbin.mysqld
4) /etc/init.d/apparmor restart
5) service mysql restart
but from remote host :
Quote:
[root@localhost test]# mysql -u root -pmypass -h 192.168.8.111
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.8.111' (110)
what is wrong?
 
Old 05-30-2011, 01:35 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
did you do a "flush privileges" ??
 
Old 05-30-2011, 02:44 AM   #3
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
how?
 
Old 05-30-2011, 03:30 AM   #4
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
I did it but nothing changed:

Quote:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '*95013D13C503AF2768B878CC80E4B967037CB83C' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
root@RAAD:~# service mysql restart
mysql start/running, process 31670
another thing that I have to say is that it take long time for client to say:
Quote:
[root@localhost test]# mysql -u root -pmypass -h 192.168.8.111 [[[[ after one minutes]]]]
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.8.111' (110)
 
Old 05-30-2011, 09:35 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Ahh, that's a socket issue, check for iptables blocking access and netstat -plnt to show what ports and ip's the service is listening on.
 
Old 05-31-2011, 12:47 AM   #6
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
this is my netstat -plnt :
Quote:
root@RA# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1293/slapd
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN 4724/beam
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 1284/postgrey.pid -
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1198/amavisd (maste
tcp 0 0 127.0.0.1:137 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 192.168.8.111:137 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 127.0.0.1:138 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 192.168.8.111:138 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 31670/mysqld
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 192.168.8.111:139 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 4920/redis-server
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 4809/memcached
tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 1905/redis-server
tcp 0 0 127.0.0.1:6381 0.0.0.0:* LISTEN 4510/redis-server
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 26141/zarafa-gatewa
tcp 0 0 127.0.0.1:5038 0.0.0.0:* LISTEN 5052/asterisk
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN 4820/p3scan
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 26141/zarafa-gatewa
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5197/apache2
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 5052/asterisk
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4982/zarafa-ical
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 4685/epmd
tcp 0 0 0.0.0.0:48052 0.0.0.0:* LISTEN 4724/beam
tcp 0 0 192.168.8.111:53 0.0.0.0:* LISTEN 31424/named
tcp 0 0 192.168.1.111:53 0.0.0.0:* LISTEN 31424/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 31424/named
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN 4724/beam
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1653/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2278/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 17807/cupsd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 4464/squid
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 4502/apache2
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1256/postgres
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 31424/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 4903/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4590/apache2
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1293/slapd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 192.168.8.111:445 0.0.0.0:* LISTEN 17753/smbd
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 4724/beam
tcp 0 0 192.168.8.111:7777 0.0.0.0:* LISTEN 4724/beam
tcp6 0 0 :::389 :::* LISTEN 1293/slapd
tcp6 0 0 ::1:137 :::* LISTEN 17753/smbd
tcp6 0 0 fe80::21d:92ff:fe9b:137 :::* LISTEN 17753/smbd
tcp6 0 0 ::1:138 :::* LISTEN 17753/smbd
tcp6 0 0 fe80::21d:92ff:fe9b:138 :::* LISTEN 17753/smbd
tcp6 0 0 ::1:139 :::* LISTEN 17753/smbd
tcp6 0 0 fe80::21d:92ff:fe9b:139 :::* LISTEN 17753/smbd
tcp6 0 0 :::53 :::* LISTEN 31424/named
tcp6 0 0 :::22 :::* LISTEN 2278/sshd
tcp6 0 0 ::1:631 :::* LISTEN 17807/cupsd
tcp6 0 0 ::1:5432 :::* LISTEN 1256/postgres
tcp6 0 0 ::1:953 :::* LISTEN 31424/named
tcp6 0 0 :::636 :::* LISTEN 1293/slapd
tcp6 0 0 ::1:445 :::* LISTEN 17753/smbd
tcp6 0 0 fe80::21d:92ff:fe9b:445 :::* LISTEN 17753/smbd
and this is my IP table out put:
Quote:
root@RA# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
inospoof all -- anywhere anywhere
iexternalmodules all -- anywhere anywhere
iexternal all -- anywhere anywhere
inoexternal all -- anywhere anywhere
imodules all -- anywhere anywhere
iintservs all -- anywhere anywhere
iglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
idrop all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
fredirects all -- anywhere anywhere
fmodules all -- anywhere anywhere
ffwdrules all -- anywhere anywhere
fnoexternal all -- anywhere anywhere
fdns all -- anywhere anywhere
fobjects all -- anywhere anywhere
fglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
fdrop all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ointernal all -- anywhere anywhere
omodules all -- anywhere anywhere
oglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
odrop all -- anywhere anywhere

Chain drop (13 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain fdns (1 references)
target prot opt source destination

ACCEPT udp -- anywhere 4.2.2.4 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.4 state NEW tcp dpt:domain
ACCEPT udp -- anywhere 4.2.2.2 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.2 state NEW tcp dpt:domain

Chain fdrop (5 references)
target prot opt source destination
drop all -- anywhere anywhere

Chain ffwdrules (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fglobal (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dptop3
ACCEPT all -- anywhere anywhere

Chain fmodules (1 references)
target prot opt source destination

Chain fnoexternal (1 references)
target prot opt source destination
fdrop all -- anywhere anywhere state NEW

Chain fnospoof (1 references)
target prot opt source destination
fdrop all -- localnet/24 anywhere
fdrop all -- 192.168.1.0/24 anywhere

Chain fobjects (1 references)
target prot opt source destination

Chain fredirects (1 references)
target prot opt source destination

Chain ftoexternalonly (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fdrop all -- anywhere anywhere

Chain idrop (4 references)
target prot opt source destination
drop all -- anywhere anywhere

Chain iexternal (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
drop tcp -- anywhere anywhere tcp dpt:8110 state NEW
drop tcp -- anywhere anywhere tcp dpt:xmpp-client state NEW
drop tcp -- anywhere anywhere tcp dpt:5223 state NEW
drop tcp -- anywhere anywhere tcp dpt:4190 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW
drop udp -- anywhere anywhere udp dpts:10000:20000 state NEW
drop udp -- anywhere anywhere udp dpt:iax state NEW
drop udp -- anywhere anywhere udp dpt:sip state NEW
drop udp -- anywhere anywhere udp dpt:5036 state NEW
drop udp -- anywhere anywhere udp dpt:radius state NEW

Chain iexternalmodules (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain iglobal (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8110 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5223 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:4190 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3s state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:bootps state NEW
ACCEPT udp -- anywhere anywhere udp dpt:tftp state NEW
ACCEPT udp -- anywhere anywhere udp dpts:10000:20000 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:iax state NEW
ACCEPT udp -- anywhere anywhere udp dpt:sip state NEW
ACCEPT udp -- anywhere anywhere udp dpt:5036 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:radius state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ssn state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8888 state NEW
drop tcp -- anywhere anywhere tcp dpt:ldap state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW

Chain iintservs (1 references)
target prot opt source destination

Chain imodules (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3128

Chain inoexternal (1 references)
target prot opt source destination
idrop all -- anywhere anywhere state NEW

Chain inointernal (0 references)
target prot opt source destination

Chain inospoof (1 references)
target prot opt source destination
idrop all -- localnet/24 anywhere
idrop all -- 192.168.1.0/24 anywhere

Chain log (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain odrop (1 references)
target prot opt source destination
drop all -- anywhere anywhere

Chain oglobal (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW
ACCEPT all -- anywhere anywhere state NEW

Chain ointernal (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 4.2.2.4 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.4 state NEW tcp dpt:domain
ACCEPT udp -- anywhere 4.2.2.2 state NEW udp dpt:domain
ACCEPT tcp -- anywhere 4.2.2.2 state NEW tcp dpt:domain

Chain omodules (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-ns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-dgm
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:netbios-ssn
ACCEPT udp -- anywhere anywhere state NEW udp spt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp spt:microsoft-ds
ACCEPT udp -- anywhere anywhere state NEW udp spt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere state NEW udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
or

Quote:
root@RA# iptables -L | grep -E "mysql | 3306"
root@RA#
I do not find any thing.
What is wrong
Last edited by golden_boy615; 05-31-2011 at 12:49 AM.
 
Old 05-31-2011, 12:56 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
there is no permit on the INPUT chain for the IP you're using. use "iptables -vnL" for a better output, and you'll see the first ACCEPT there that permits everything will probably just be for lo, not eth0, so you'll need to add a rule for that.
 
Old 06-01-2011, 12:00 AM   #8
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
thanks it is solved
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] how to grant access to a non root users to reboot,halt,configure date and .... golden_boy615 Linux - General 5 12-18-2010 01:26 AM
Seeking best method to grant remote secure, limited access to my Internet connection I Use Dial Linux - Networking 1 11-30-2010 03:00 PM
Error with MySQL Grant Command for other users JockVSJock Slackware 9 02-19-2006 03:37 PM
remote desktop in suse 9.1 - grant access each session? spankmeister7 Linux - Networking 1 08-05-2004 02:34 AM
grant telnet/ssl access to oly some users plisken Linux - General 3 02-21-2004 01:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 06:13 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration