At Tue, 22 Sep 2009 09:09:15 +0200 CentOS mailing list <centos@xxxxxxxxxx> wrote: > > Hi, > > I've always been a bit puzzled by MySQL's initial setup. Right after > installing MySQL, no password is set, so that's the first thing I care > about. I know there's a way to do that with mysqldadmin, but hey, > different ways lead to Saint-Bauzille-de-Montmel. > > # chkconfig mysqld on > # service mysqld start > # mysql -u root > mysql> use mysql; > mysql> select user, host, password from user; > +------+-----------+----------+ > | user | host | password | > +------+-----------+----------+ > | root | localhost | | > | root | buildbox | | > | root | 127.0.0.1 | | > | | localhost | | > | | buildbox | | > +------+-----------+----------+ > 5 rows in set (0.00 sec) > > This shows that in my initial setup, I have no less than five initial > users. A root user for three different hosts (localhost, buildbox and > 127.0.0.1), and an empty user for two different hosts (localhost and > buildbox). > > I don't know if I'm expected to set five passwords (five times the same? > five different passwords?) for these five entities, but what I usually > do is just get rid of every initial user except root@localhost. In that > case: > > mysql> delete from user where user = ''; > Query OK, 2 rows affected (0.01 sec) > > mysql> select user, host, password from user; > +------+-----------+----------+ > | user | host | password | > +------+-----------+----------+ > | root | localhost | | > | root | buildbox | | > | root | 127.0.0.1 | | > +------+-----------+----------+ > 3 rows in set (0.00 sec) > > Here goes the empty user. Now for the remaining two: > > mysql> delete from user where host = 'buildbox'; > Query OK, 1 row affected (0.01 sec) > > mysql> delete from user where host = '127.0.0.1'; > Query OK, 1 row affected (0.00 sec) > > Which leaves me with only root@localhost: > > mysql> select user, host, password from user; > +------+-----------+----------+ > | user | host | password | > +------+-----------+----------+ > | root | localhost | | > +------+-----------+----------+ > 1 row in set (0.00 sec) > > And now I can define a password for that single initial user: > > mysql> set password for root@localhost = password('my_secret_password'); > > mysql> select user, host, password from user; > +------+-----------+------------------+ > | user | host | password | > +------+-----------+------------------+ > | root | localhost | 2d97271970b60f82 | > +------+-----------+------------------+ > 1 row in set (0.00 sec) > > mysql> quit; > > And from now on, I can safely connect to the MySQL monitor using mysql > -u root -p. > > I've done things like this for the past two or three years, and just now > I wonder: am I doing something silly here? After all, maybe these other > initial users have some obscure reason to be there in the first place? They are there to provide initial access to MySQL. It is *expected* as part of the post install process to do more or less what you just did. Each installation is 'unique' on some level. Sometimes an admin cannot access the machine locally or needs to admin the MySQL database remotely (this is the point of 'buildbox', which is just the network name for the machine you just installed MySQL on in this case). 'localhost' is just the *name* for the loopback address which is 127.0.0.1 -- MySQL is just 'dumb' WRT DNS. The anonymous user has limited access and is there for test purposes or for use as a 'guest' account (you might grant it read only access to some database for example, which would allow some application read access). There are some situations where this is usefull. There is a chapter in the MySQL reference manual that talks about this and explains the post install process. > > So I thought: why not ask? > > Niki > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller@xxxxxxxxxxxx -- http://www.deepsoft.com/ModelRailroadSystem/ _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos