在Arch Linux上使用MySQL 5.5时,当我创建一个具有密码的localhost用户并将其赋予所有表的所有特权,然后删除该用户时,我仍然可以以该用户身份登录而无需输入密码.
重现步骤:
# mysql -u root -h localhost -p
Enter password: <root password>
mysql> create user 'test'@'localhost' identified by 'testing123';
mysql> grant all on *.* to 'test'@'localhost' identified by 'testing123';
mysql> select * from mysql.user where user='test';
1 row in set (0.00 sec)
mysql> exit
# mysql -u test -h localhost -p
Enter password: testing123
mysql> show databases;
mysql> exit
# mysql -u root -h localhost -p
Enter password: <root password>
mysql> delete from mysql.user where user='test';
Query OK, 1 row affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
mysql> select * from mysql.user where user='test';
Empty set (0.00 sec)
mysql> exit
# mysql -u test -h localhost
mysql> (Why?)
不仅如此,“不存在”的测试用户仍然可以行使所有相同的特权.主要安全问题.如果我重新启动服务器,它仍然允许我不用密码登录.
解决方法:
我终于知道发生了什么事.默认情况下,在用户表中有一个匿名用户@ localhost.该用户将自动与任何尝试的用户名匹配,并以该匿名用户身份登录.我知道有点奇怪.要摆脱匿名用户,请以root用户身份登录并执行以下命令:
drop user ''@localhost;