Secure Install Removed Root Accounts
Secure Install Removed Root Accounts
am 31.03.2010 00:25:37 von Carlos Williams
Today I installed MySQL 5.1.45-1 on my production server and it
recommended that I run the following:
/usr/bin/mysql_secure_installation
When I ran this, it simply guided me to do the following:
- set root password
- disable remote login for root
- remove 'anonymous' user accounts
- delete 'test' database
- reload privileges now
After doing all the above, I checked my user table and noticed that it
also removed 'root@127.0.0.1' & 'root@hostname' accounts. I recall
hearing from many admins that MySQL expects and needs there to be
three accounts for root. Them being 'localhost', 127.0.0.1, and
hostname. Is this false information?
mysql> select User, Password, Host from user;
+------+-------------------------------------------+-------- ---+
| User | Password | Host |
+------+-------------------------------------------+-------- ---+
| root | *951527F19014ABEFD0390B1409B4CCA97F86AE1F | localhost |
+------+-------------------------------------------+-------- ---+
1 row in set (0.00 sec)
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org
Re: Secure Install Removed Root Accounts
am 31.03.2010 09:07:04 von Johan De Meersman
--0016e68ee4b3c1895004831364e3
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Mar 31, 2010 at 12:25 AM, Carlos Mennens wrote:
> hearing from many admins that MySQL expects and needs there to be
> three accounts for root. Them being 'localhost', 127.0.0.1, and
> hostname. Is this false information?
>
Totally false. It's convenient, and probably all of their scripts depend on
it, but it's in no way necessary, and most certainly not without password.
Just make sure you have another admin account :-)
--
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel
--0016e68ee4b3c1895004831364e3--
Re: Secure Install Removed Root Accounts
am 31.03.2010 09:17:36 von John Daisley
--0016e6dab0636ab4090483138a7a
Content-Type: text/plain; charset=ISO-8859-1
If you only want root to be able to log in locally then you only need
'root'@'localhost' unless you are using tcp connections.
regards
John
On Tue, Mar 30, 2010 at 11:25 PM, Carlos Mennens wrote:
> Today I installed MySQL 5.1.45-1 on my production server and it
> recommended that I run the following:
>
> /usr/bin/mysql_secure_installation
>
> When I ran this, it simply guided me to do the following:
>
> - set root password
> - disable remote login for root
> - remove 'anonymous' user accounts
> - delete 'test' database
> - reload privileges now
>
> After doing all the above, I checked my user table and noticed that it
> also removed 'root@127.0.0.1' & 'root@hostname' accounts. I recall
> hearing from many admins that MySQL expects and needs there to be
> three accounts for root. Them being 'localhost', 127.0.0.1, and
> hostname. Is this false information?
>
> mysql> select User, Password, Host from user;
> +------+-------------------------------------------+-------- ---+
> | User | Password | Host |
> +------+-------------------------------------------+-------- ---+
> | root | *951527F19014ABEFD0390B1409B4CCA97F86AE1F | localhost |
> +------+-------------------------------------------+-------- ---+
> 1 row in set (0.00 sec)
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:
> http://lists.mysql.com/mysql?unsub=john.daisley@butterflysys tems.co.uk
>
>
--0016e6dab0636ab4090483138a7a--
Re: Secure Install Removed Root Accounts
am 31.03.2010 15:52:01 von Carlos Williams
On Wed, Mar 31, 2010 at 3:07 AM, Johan De Meersman wrote:
> On Wed, Mar 31, 2010 at 12:25 AM, Carlos Mennens
> wrote:
>>
>> hearing from many admins that MySQL expects and needs there to be
>> three accounts for root. Them being 'localhost', 127.0.0.1, and
>> hostname. Is this false information?
>
> Totally false. It's convenient, and probably all of their scripts depend on
> it, but it's in no way necessary, and most certainly not without password.
>
> Just make sure you have another admin account :-)
By 'another admin account' I assume you mean:
mysql> CREATE USER 'carlos'@'localhost' IDENTIFIED BY 'holla';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'carlos'@'localhost' WITH GRANT OPTION;
Is the above syntax correct for creating a user / admin account to use
rather than 'root'?
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org
Re: Secure Install Removed Root Accounts
am 31.03.2010 16:24:23 von Johan De Meersman
--001485e77336b86188048319808f
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Mar 31, 2010 at 3:52 PM, Carlos Mennens wrote:
> mysql> CREATE USER 'carlos'@'localhost' IDENTIFIED BY 'holla';
> mysql> GRANT ALL PRIVILEGES ON *.* TO 'carlos'@'localhost' WITH GRANT
> OPTION;
>
Pretty much. It's also a good idea to give that user SUPER privileges, as
that'll allow you to use the one spare connection that can't be used by
regular users when your connection pool fills up. It should be given with
"all privileges", but better safe than sorry :-p
--
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel
--001485e77336b86188048319808f--