Setting the MySQL client as a user’s shell
Sometimes corporate firewalls can be a real headache for developers. We had a situation today in which we needed to provide read-only access to a MySQL database, but had only ssh to the machine. We have a very strict user policy, so weren’t prepared to provide a shell account.
One quick and cunning way to provide MySQL monitor access without opening up the firewall or creating shell accounts is to create a user with /usr/bin/mysql as their shell.
- Create a user with /usr/bin/mysql as the shell:
    # useradd -m -s /usr/bin/mysql dev
    # grep dev /etc/passwd
    dev:x:500:500::/home/dev:/usr/bin/mysql
- Drop a .my.cnf into the new user’s home directory:
    [client]
    user=dev
    password=m3g4s3cr3t
- Create a user and grants in the mysql database:
    mysql> CREATE USER 'dev'@'localhost' IDENTIFIED BY 'm3g4s3cr3t';
    mysql> GRANT SELECT ON *.* TO 'dev'@'localhost';
Now when a user connects to the machine as the dev user, over ssh, they drop straight into a mysql monitor, with restricted privileges.
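The three steps above can be checked after the fact with a small script; this is an added example, not part of the original post. The function names are hypothetical, and the files to inspect are passed in as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example: audit an account created with the three steps above.
# Function names are hypothetical; GNU/busybox `stat -c` is assumed.

# Step 1: in passwd file $1, user $2 must have /usr/bin/mysql as login shell.
check_shell() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    [ "$shell" = "/usr/bin/mysql" ]
}

# Step 2: .my.cnf ($1) holds a cleartext password, so group and other must
# have no access, and its [client] section must set user=$2.
check_mycnf() {
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        [0-7]00) ;;
        *) return 1 ;;
    esac
    awk -v u="$2" '
        { gsub(/[ \t\r]/, "") }
        /^\[/ { in_client = ($0 == "[client]") }
        in_client && $0 == "user=" u { found = 1 }
        END { exit !found }' "$1"
}

# Step 3: file $1 holds SHOW GRANTS output, one grant per line; anything
# other than SELECT or USAGE means the account is not read-only.
check_grants() {
    [ -s "$1" ] || return 1
    ! grep -Ev '^GRANT (SELECT|USAGE) ON ' "$1" >/dev/null
}

# Run all three checks: user, passwd file, .my.cnf path, grants file.
audit_mysql_shell_user() {
    rc=0
    check_shell "$2" "$1" || { echo "FAIL: login shell is not /usr/bin/mysql"; rc=1; }
    check_mycnf "$3" "$1" || { echo "FAIL: .my.cnf missing, too open, or wrong user"; rc=1; }
    check_grants "$4" || { echo "FAIL: grants go beyond SELECT"; rc=1; }
    return $rc
}
```

The grants file can be produced as a MySQL administrator with `mysql -N -e "SHOW GRANTS FOR 'dev'@'localhost'"`, and the audit is then run as `audit_mysql_shell_user dev /etc/passwd /home/dev/.my.cnf grants.txt`.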
Many thanks to James Sheridan for this tip.