HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

MARIADB default users

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
sqlstackoverflowmysqldbamariadb
defaultusersmariadb

Problem

I just installed mariadb 10.6 and can't understand...

SELECT Host,User,Password FROM mysql.user;


  • mariadb.sys@localhost password is empty.



  • root@localhost password hashed.



  • mysql@localhost password has "invalid" value in cell.



SHOW CREATE USER 'mariadb.sys'@localhost\G;

CREATE USER `mariadb.sys`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE


SHOW CREATE USER 'root'@localhost\G;

CREATE USER `root`@`localhost` IDENTIFIED
VIA mysql_native_password USING '***' OR unix_socket


SHOW CREATE USER 'mysql'@localhost\G;

CREATE USER `mysql`@`localhost` IDENTIFIED
VIA mysql_native_password USING 'invalid' OR unix_socket


  • What for default users are?


root@localhost = for me, mariadb.sys@localhost = for mariadb.sys system, mysql@localhost = for mysql user and for linux system.

  • I used mysql_secure_installation command. Do i really need do anything else? Is everything OK with secure?



  • Can I delete mariadb.sys@localhost or mysql@localhost users?



  • Why do I need to setup password for mysql@localhost user?



  • "invalid" in password cell means not password, but mariadb "secure feature"?



  • ACCOUNT LOCK PASSWORD EXPIRE what is this?



  • As far as I understand I can't and I don't need to setup password for mariadb.sys@localhost?



Thank you!

Versions:

  • Kernel: linux510 (Linux 5.10.56-1)



  • Distro: Manjaro 21.1.0 (Arch Linux)



  • MariaDB Version: MariaDB 10.6.4

Solution

-

  • root@localhost - you, but its also helpful if this is there, unmodified (setting a password is ok - as you have done, but keep the OR unix_socket part for package updates



  • mariadb.sys@localhost this is the owner of the mysql.users compatibility view, which is why its account is locked/password expired.



  • mysql@localhost - I suspect this is some packaging decision to create this. It might be tied to logrotate or some monitoring system.



  • mysql_secure_installation - I can't tell if this changed anything from the default installation. Nothing else is needed.



  • No, don't delete these users. Understand why mysql@localhost exists, however its not usable by anything else, something needs to switch to the mysql unix user to be used.



  • you don't need to set a password for mysql@localhost.



  • invalid is a place holder of a hash that doesn't have a real password that maps to it. Its there so if a user desires, they can set a password on the account.



  • ACCOUNT LOCK is a locked account. PASSWORD EXPIRE is an expired password.



  • Changing mariadb.sys@localhost isn't needed. It is recommended you don't change this.

Context

StackExchange Database Administrators Q#298364, answer score: 5

Revisions (0)

No revisions yet.