LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   MySQL: Why are there two roots localhost, and localhost.localdomain? (http://www.linuxquestions.org/questions/linux-server-73/mysql-why-are-there-two-roots-localhost-and-localhost-localdomain-546458/)

paulsiu 04-16-2007 08:30 AM

MySQL: Why are there two roots localhost, and localhost.localdomain?
 
I installed MySQL recently. The first thing I did was try to change the password and remove anonymous login. However, when I select the user table, I notice that by default there are two root account and two anonymous accounts. One is for localhost and the other is for localhost.localdomain. I am not knowledgable about networking, what's the difference between localhost and localhost.domain?

Paul

Jzarecta 04-16-2007 08:36 AM

is kind of like an alias, I might not try to explain it because I will get it wrong. However I wanted to tell you that you can easily automate the post-installation process by executing the mysql_secure_installation command from the shell. It's a text-wizard that automate the root password, delete test tables, etc.

paulsiu 04-16-2007 09:26 PM

I read through the documentation again. Basically, when you install MySQL, it actually creates two accounts. One is for access from the local machine, the other allow remote access. I assume that localhost is for local access and localhost.localdomain is for remote. You also have two accounts for anonymous login.

Note that this dual account only applies to Linux. When you install MySQL on windows, there is only one account.

Wim Sturkenboom 04-16-2007 10:06 PM

I would also remove the remote root account for security. So you start with only a root user that can only access mysql from the machine itself.

Jzarecta 04-17-2007 12:05 AM

Quote:

Originally Posted by Wim Sturkenboom
I would also remove the remote root account for security. So you start with only a root user that can only access mysql from the machine itself.

Even then I think the best option is to go into the /etc/my.cf file and set the skip-networking.

Quote:

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
skip-networking

paulsiu 04-18-2007 07:25 AM

Quote:

Originally Posted by Jzarecta
Even then I think the best option is to go into the /etc/my.cf file and set the skip-networking.

That's assuming that the web server is on the same machine as the MySQL? If that's the case, you can't turn off networking.

Reading through the documentation, one of the recommendation is to run MySQL under another account other than root. This account should have no file permission. That way when mysql is compromised, the attacker can't use the file functionality to get to the rest of the machine. I notice that on my system, mysqld is already running as the user mysql. Either MySQL install this by default or mysql_secure_installation command that Jzarecta mentioned install it that way.

Paul

Wim Sturkenboom 04-18-2007 09:43 AM

To my knowledge, it is by default user/group mysql/mysql.


All times are GMT -5. The time now is 01:01 AM.