# HG changeset patch # User Daniele Nicolodi # Date 1321526848 -3600 # Node ID 0c2936ea34bf2ab3c6a92cee08a8a45452631068 # Parent f8f898b3905809ecdc7e335866aa1a39edf636f1 Document the unprivileged user possibility in the README. diff -r f8f898b39058 -r 0c2936ea34bf README.rst --- a/README.rst Thu Nov 17 11:46:12 2011 +0100 +++ b/README.rst Thu Nov 17 11:47:28 2011 +0100 @@ -60,7 +60,7 @@ Chose a database name at will: this database will be created during the application initialization. The user used in the connection should be an user with administrative capabilities on the MySQL database, -ordinarily the `root` user. +ordinarily the `root` user [1]. Remember to set an unique encryption key for the SECRET_KEY parameter. This key is used in the application for generating cryptographic 
@@ -106,6 +106,40 @@ and connect to it at the address http://localhost:5000/ +[1] An user with the the minimum set of privileges required for +running the application may be obtained with the following SQL +commands:: + + CREATE USER @'localhost' IDENTIFIED BY ; + + GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, CREATE VIEW, + CREATE USER ON *.* TO @'localhost' WITH GRANT OPTION; + + GRANT EXECUTE, CREATE TEMPORARY TABLES + ON .* TO @'localhost'; + +However, due to MySQL server limitations, this minimum set of +privileges allows the user to grant himself additional privileges, and +more generally to modify MySQL administrative tables. Therefore, this +is not an effective protection from security issues. + +The initialization of the database and the upgrade procedure require +additional privileges than the ones listed above. Therefore, the +command line administration tool `install` and `upgrade` commands +allow to connect to the database with a different user than the one +specified in the configuration file, via the `--user` and `--password` +parameters. Example:: + + # ./bin/admin install --user root --password + +An user account with username and password specified in the +configuration file, and with minimum privileges suitable for running +the application, may be created during the database initialization +procedure with the `--create-user` option of the `install` command:: + + # ./bin/admin install --create-user --user root --password + + Deployment ----------
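Review bot: in the first hunk, the new reference `ordinarily the `root` user [1].` will not link to the footnote in reStructuredText; a footnote reference needs the trailing underscore (`[1]_`) and the definition further down needs the `.. [1]` directive form, otherwise both render as literal bracketed text. While touching this sentence, the surrounding context also reads `Chose a database name` and `should be an user`, which could become `Choose` and `a user` in the same change.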
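Review bot: in the second hunk the grant set contradicts its own description as a "minimum set of privileges": `GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, CREATE VIEW, CREATE USER ON *.* TO @'localhost' WITH GRANT OPTION;` is global (`*.*`) and carries `WITH GRANT OPTION`, which is exactly why the next paragraph has to admit the account can grant itself more privileges and touch the administrative tables. Since the same hunk introduces `install --create-user --user root`, the runtime account only needs data and view privileges on the application database, and `CREATE USER` plus `WITH GRANT OPTION` belong to the one-off install step run as root; suggest scoping the first GRANT to the application database and dropping `CREATE USER` and `WITH GRANT OPTION` from it, and stating which privileges `--create-user` actually assigns so the reader knows the caveat does not apply to that account. Also, the SQL as shown has no user name, password, or database name: `CREATE USER @'localhost' IDENTIFIED BY ;` and `ON .* TO @'localhost';` read as if angle-bracket placeholders were stripped, so spell the placeholders out in a form that survives rendering. Minor wording in the added text: `the the minimum`, `An user`, `additional privileges than the ones listed above`, and `allow to connect` should become `the minimum`, `A user`, `more privileges than the ones listed above`, and `allow connecting`. Finally, `# ./bin/admin install --user root --password` ends with a bare `--password`; say whether that prompts for the password or is an elided value.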