The new dbtool implemented as part of DomTool can now be used to create MySQL users and databases and the associated AFS directories. We still need to figure out how to allow users to drop tables from their databases without letting them drop the databases themselves. Since users retain permissions on a database even after it's dropped, the user could drop his database and recreate it on the partition where /var/lib/mysql lives, instead of in AFS.
We also need to work out exactly what hostname mask to use in creating users and granting them privileges.
Bugzilla says this isn't an issue anymore. dbtool runs mysql-fixperms now right? Or must a user tell dbtool to do this? -- RyanMikulovsky
No, dbtool doesn't run mysql-fixperms. We would never have created that script if it were possible to set up a database ahead of time so that these problems wouldn't apply to it. mysql-fixperms needs to do things to particular tables, and dbtool isn't run on table creation. --AdamChlipala