mysql-server ships with user *

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Wed May 2 22:14:07 UTC 2012


After upgrading to Ubuntu 12.04 my install script broke, which turns
out to be related to the default * users in MysQL. When I installed
mysql-server on a brand new fresh Ubuntu 12.04 install, it had two
'wildcard' users, which wasn't the case on 11.10 / 5.0:

mysql> select host, user from mysql.user;
+---------------+------------------+
| host          | user             |
+---------------+------------------+
| 127.0.0.1     | root             |
| ::1           | root             |
| jeroen-ubuntu |                  |
| jeroen-ubuntu | root             |
| localhost     |                  |
| localhost     | debian-sys-maint |
| localhost     | root             |
+---------------+------------------+
7 rows in set (0.00 sec)

These wildcard users allow a client to login with an arbitrary
username. However, it will also match for any existing user. Hence a
problem occurs after additional users are inserted into the table:

INSERT INTO mysql.user
VALUES('%','myroot','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
FLUSH PRIVILEGES;

When logging in with user 'myroot', it is first matched to the
wildcard user and hence logged in as user ""@"localhost" instead of
"myroot"@"localhost". The problem can be avoided by deleting this
wildcard users from mysql.user.

I suspect that more people are running into this problem. What is the
intention of including this wildcard user? Is there any way I can
force mysql client to login with "myroot"@"localhost" instead of
""@"localhost"? I want my install script to work on general machines
but I don't want to just start removing pre-existing users...




More information about the Ubuntu-devel-discuss mailing list