[MDEV-13486] Make mysql_install_db create a real ''@'%' anonymous account for the test database Created: 2017-08-09 Updated: 2022-10-21 Resolved: 2022-10-21 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System, Scripts & Clients |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Major |
| Reporter: | Geoff Montee (Inactive) | Assignee: | Sergei Golubchik |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | privileges | ||
| Issue Links: |
|
||||||||||||||||
| Description |
|
Currently, mysql_install_db provides default access to the test database by inserting some rows into the mysql.db table for the ''@'%' user account, but it does not insert any rows into the mysql.user table for that user account. For example:
These rows are currently inserted by the scripts/mysql_test_db.sql script: https://github.com/MariaDB/server/blob/mariadb-10.4.8/scripts/mysql_test_db.sql#L18 This behavior is apparently an artifact of MySQL 3.22, which implemented privileges prior to the implementation of the GRANT statement. The effect of this is that mysql_install_db creates privileges for the ''@'%' user account, but the user account doesn't really exist from the perspective of other DCL statements like GRANT, CREATE USER, ALTER USER, and DROP USER. If someone tries to actually create a ''@'%' user account, then they will see errors that are difficult to interpret. For example:
We should probably fix scripts/mysql_test_db.sql, so that it creates a row in the mysql.user table for the ''@'%' user account. For now, this can be worked around by deleting the row in the mysql.db table and then executing FLUSH PRIVILEGES. For example:
And then the account can be created:
This is documented here: https://mariadb.com/kb/en/library/create-user/#fixing-a-legacy-default-anonymous-account |
| Comments |
| Comment by Sergei Golubchik [ 2017-08-10 ] | |||||||||||||||||||||||||
|
This is neither. You cannot create a user if there are already some privileges granted to this user. And in the default setup, ''@'%' has all privileges on test.*. This is how it always was, even in 3.22, before GRANT statement was implemented. So it's something that is not fully compatible with GRANT and cannot be created with GRANT — there is no row for ''@'%' in mysql.user table, but there is such a row in mysql.db table. Perhaps we should make it consistent and create a matching row in mysql.user too. | |||||||||||||||||||||||||
| Comment by Geoff Montee (Inactive) [ 2017-08-10 ] | |||||||||||||||||||||||||
Oh, interesting. You're right, this works if I delete those privileges:
That sounds like a reasonable fix to me. | |||||||||||||||||||||||||
| Comment by Ian Gilfillan [ 2018-10-24 ] | |||||||||||||||||||||||||
|
I have clarified the docs to explain this. I agree a matching row in mysql.user makes sense. This bug can either be renamed, or closed and a new task created. | |||||||||||||||||||||||||
| Comment by Sergei Golubchik [ 2019-04-10 ] | |||||||||||||||||||||||||
|
Hmm. If mysql_install_db will create such a user, it'll have to create it locked, otherwise it'll allow anonymous passwordless remote connections to the server. But even if locked, it'll be a catch-all account, so instead for an unexistent user name the error will be not "wrong password" anymore, but "account locked". I think that might be quite unexpected. | |||||||||||||||||||||||||
| Comment by Sergei Golubchik [ 2019-11-01 ] | |||||||||||||||||||||||||
|
Two other options:
| |||||||||||||||||||||||||
| Comment by Geoff Montee (Inactive) [ 2019-11-01 ] | |||||||||||||||||||||||||
I created | |||||||||||||||||||||||||
| Comment by Daniel Black [ 2021-06-08 ] | |||||||||||||||||||||||||
|
While waiting for
+ mysql_secure_installation changes to cope with old and new versions. | |||||||||||||||||||||||||
| Comment by Sergei Golubchik [ 2022-10-21 ] | |||||||||||||||||||||||||
|
Made obsolete by |