New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minimal SQL database privileges #648
Comments
Which permissions do you have in mind? To install apps and for upgrades, you probably need quite extensive permissions. You could ask for an additional mysql user to be set up for administrative tasks. If possible, I would use a database exclusively for Nextcloud and put other services on different DBs. You could limit queries, updates and the number of connections but with that you risk to have some strange effect if you hit these limits so you must monitor your server carefully. |
I guess I'm expecting something like Drupal does.
At the database level, MySQL/MariaDB supports:
Does Nextcloud really need database level privileges like I understand that different apps may require different privileges and that you don't have control on that. I'm thus only asking for the minimal required privileges for Nextcloud itself - minus all apps - to work correctly. |
You are probably right that we have similar requirements for the database like drupal. @nickvergessen can you confirm that? |
The nice folks over at the KanBoard project replied to a similar request I made: kanboard/kanboard#3699 (comment) Maybe the Nextcloud permission set is the same? |
I think the drupal one looks good. But I didn't check the code if that fully covers everything we do. |
Good to know! My PHP level is not good enough for me to go through the code though. I've set the Drupal permissions on my personal instance and I did not have any problems doing basic tasks and installing / removing apps. I'll wait until the next Nextcloud update to see if the upgrade goes well, and if it's the case I'll close this issue and create a PR on the documentation. |
Well, I updated to |
grant minimal sql privileges instead of granting all of them (fix #648)
Hi!
The nextcloud documentation states that all privileges on the database should be granted to the nextcloud user:
I was wondering what are the true minimal SQL privileges nextcloud needs to run normally.
I don't normally like to grant all privileges for security reasons and would really appreciate it if you could publish a minimal SQL database privileges list.
The text was updated successfully, but these errors were encountered: