[CentOS] MySQL setup: initial user weirdness

Robert Heller heller at deepsoft.com
Tue Sep 22 12:52:38 UTC 2009


At Tue, 22 Sep 2009 09:09:15 +0200 CentOS mailing list <centos at centos.org> wrote:

> 
> Hi,
> 
> I've always been a bit puzzled by MySQL's initial setup. Right after 
> installing MySQL, no password is set, so that's the first thing I care 
> about. I know there's a way to do that with mysqldadmin, but hey, 
> different ways lead to Saint-Bauzille-de-Montmel.
> 
> # chkconfig mysqld on
> # service mysqld start
> # mysql -u root
> mysql> use mysql;
> mysql> select user, host, password from user;
> +------+-----------+----------+
> | user | host      | password |
> +------+-----------+----------+
> | root | localhost |          |
> | root | buildbox  |          |
> | root | 127.0.0.1 |          |
> |      | localhost |          |
> |      | buildbox  |          |
> +------+-----------+----------+
> 5 rows in set (0.00 sec)
> 
> This shows that in my initial setup, I have no less than five initial 
> users. A root user for three different hosts (localhost, buildbox and 
> 127.0.0.1), and an empty user for two different hosts (localhost and 
> buildbox).
> 
> I don't know if I'm expected to set five passwords (five times the same? 
> five different passwords?) for these five entities, but what I usually 
> do is just get rid of every initial user except root at localhost. In that 
> case:
> 
> mysql> delete from user where user = '';
> Query OK, 2 rows affected (0.01 sec)
> 
> mysql> select user, host, password from user;
> +------+-----------+----------+
> | user | host      | password |
> +------+-----------+----------+
> | root | localhost |          |
> | root | buildbox  |          |
> | root | 127.0.0.1 |          |
> +------+-----------+----------+
> 3 rows in set (0.00 sec)
> 
> Here goes the empty user. Now for the remaining two:
> 
> mysql> delete from user where host = 'buildbox';
> Query OK, 1 row affected (0.01 sec)
> 
> mysql> delete from user where host = '127.0.0.1';
> Query OK, 1 row affected (0.00 sec)
> 
> Which leaves me with only root at localhost:
> 
> mysql> select user, host, password from user;
> +------+-----------+----------+
> | user | host      | password |
> +------+-----------+----------+
> | root | localhost |          |
> +------+-----------+----------+
> 1 row in set (0.00 sec)
> 
> And now I can define a password for that single initial user:
> 
> mysql> set password for root at localhost = password('my_secret_password');
> 
> mysql> select user, host, password from user;
> +------+-----------+------------------+
> | user | host      | password         |
> +------+-----------+------------------+
> | root | localhost | 2d97271970b60f82 |
> +------+-----------+------------------+
> 1 row in set (0.00 sec)
> 
> mysql> quit;
> 
> And from now on, I can safely connect to the MySQL monitor using mysql 
> -u root -p.
> 
> I've done things like this for the past two or three years, and just now 
> I wonder: am I doing something silly here? After all, maybe these other 
> initial users have some obscure reason to be there in the first place?

They are there to provide initial access to MySQL.  It is *expected* as
part of the post install process to do more or less what you just did. 
Each installation is 'unique' on some level.  Sometimes an admin cannot
access the machine locally or needs to admin the MySQL database
remotely (this is the point of 'buildbox', which is just the network
name for the machine you just installed MySQL on in this case). 
'localhost' is just the *name* for the loopback address which is
127.0.0.1 -- MySQL is just 'dumb' WRT DNS.  The anonymous user has
limited access and is there for test purposes or for use as a 'guest'
account (you might grant it read only access to some database for
example, which would allow some application read access).  There are
some situations where this is usefull.

There is a chapter in the MySQL reference manual that talks about this
and explains the post install process.

> 
> So I thought: why not ask?
> 
> Niki
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>                                                                                                  

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/
                                      



More information about the CentOS mailing list