Anonymous MySQL accounts allow clients to connect to the server without specifying a user name. To remove anonymous accounts, connect to the server as the MySQL root user to access the mysql database, then issue the following statements:
mysql> select user,host FROM user WHERE User = '';
+------+----------------------+
| user | host |
+------+----------------------+
| | localhost |
| | mk-myacct-dbmaster-1 |
+------+----------------------+
2 rows in set (0.00 sec)
mysql> DELETE FROM user WHERE User = '';
Query OK, 2 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
The DELETE statement removes accounts that have an empty value in the User column of the user table that lists MySQL accounts, and FLUSH PRIVILEGES tells the server to reload the grant tables so the changes take effect.
mysql> select user,host FROM user WHERE User = '';
Empty set (0.00 sec)
This is what mysql_secure_installation does. Be aware that the anonymous user might also be present in mysql.db and other privilege tables.
ReplyDelete