Table of Contents
Advertisement
• On Unix, each
root
by specifying the host name localhost, the IP address 127.0.0.1, or the actual host name or
IP address.
An attempt to connect to the host
However, this fails if the server is run with the
account is useful in that case.
127.0.0.1
• Some accounts are for anonymous users. These have an empty user name. The anonymous
accounts have no password, so anyone can use them to connect to the MySQL server.
• On Windows, there is one anonymous account that permits connections from the local host.
Connections can be made by specifying a host name of localhost. It has no global privileges.
(Before MySQL 5.0.36, it has all global privileges, just like the
• On Unix, each anonymous account permits connections from the local host. Connections can be
made by specifying a host name of
or IP address for the other.
To display which accounts exist in the
empty, use the following statement:
mysql>
SELECT User, Host, Password FROM mysql.user;
+------+--------------------+----------+
| User | Host
+------+--------------------+----------+
| root | localhost
| root | myhost.example.com |
| root | 127.0.0.1
|
| localhost
|
| myhost.example.com |
+------+--------------------+----------+
This output indicates that there are several
have passwords. The output might differ on your system, but the presence of accounts with empty
passwords means that your MySQL installation is unprotected until you do something about it:
• You should assign a password to each MySQL
• If you want to prevent clients from connecting as anonymous users without a password, you should
either assign a password to each anonymous account or else remove the accounts.
In addition, the
mysql.db
and other databases with names that start with test_. This is true even for accounts that otherwise
have no special privileges such as the default anonymous accounts. This is convenient for testing
but inadvisable on production servers. Administrators who want database access restricted only to
accounts that have permissions granted explicitly for that purpose should remove these
table rows.
The following instructions describe how to set up passwords for the initial MySQL accounts, first for
the
accounts, then for the anonymous accounts. The instructions also cover how to remove the
root
anonymous accounts, should you prefer not to permit anonymous access at all, and describe how to
remove permissive access to test databases. Replace
that you want to use. Replace
name from the output of the preceding
myhost.example.com.
Note
For additional information about setting passwords, see
"Assigning Account
it, see
Securing the Initial MySQL Accounts
account permits connections from the local host. Connections can be made
127.0.0.1
--skip-name-resolve
localhost
mysql.user
| Password |
|
|
|
|
|
|
|
|
root
table contains rows that permit all accounts to access the
with the name of the server host. You can determine this
host_name
statement. For the output shown,
SELECT
Passwords". If you forget your
Section C.5.4.1, "How to Reset the Root
139
normally resolves to the
root
for one of the accounts, or the actual host name
table and check whether their passwords are
and anonymous-user accounts, none of which
account.
root
in the examples with the password
newpwd
root
Password".
account.
localhost
[420]
option, so the
accounts.)
database
test
mysql.db
is
host_name
Section 6.3.5,
password after setting
Advertisement
Chapters
Table of Contents
Troubleshooting
