On a webserver there is a MySQL-service running, providing databases for the users of the server. Each user has it's own DB and it's own password and the right so INSERT/SELECT/UPDATE/DROP tables in it's own DB, but nothing more.
However, i want to give the user the privilege to UPDATE his own password. I've read "12.4.1.3. GRANT Syntax" from the MySQL 5.1 documentation. But i didn't found a way to grant the user the privilege to change his password, without granting full UPDATE-access to the mysql.user-table.
Maybe there is also a way to synchronize the passwords in /etc/shadow along with the passwords in mysql.user, so, each time when the user changes his password in Linux, the MySQL-password is also altered.
Regards Macs
I don't think you need a special permission for doing that.
I just created a new user (GRANT USAGE only) and was able to change my password via:
GRANT UPDATE will basically allow that user to update the mysql table which is a bad thing to do. i would suspect a script is needed here - if you want to sync with the linux system password too then I would suspect you need a wrapper script which takes a password, changes linux password and then updates the mysql password too - you'd need and executable but not readable permission set on this file I should think or hide it behind a web interface.