MySQL: Why are there two roots localhost, and localhost.localdomain?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
MySQL: Why are there two roots localhost, and localhost.localdomain?
I installed MySQL recently. The first thing I did was try to change the password and remove anonymous login. However, when I select the user table, I notice that by default there are two root account and two anonymous accounts. One is for localhost and the other is for localhost.localdomain. I am not knowledgable about networking, what's the difference between localhost and localhost.domain?
is kind of like an alias, I might not try to explain it because I will get it wrong. However I wanted to tell you that you can easily automate the post-installation process by executing the mysql_secure_installation command from the shell. It's a text-wizard that automate the root password, delete test tables, etc.
I read through the documentation again. Basically, when you install MySQL, it actually creates two accounts. One is for access from the local machine, the other allow remote access. I assume that localhost is for local access and localhost.localdomain is for remote. You also have two accounts for anonymous login.
Note that this dual account only applies to Linux. When you install MySQL on windows, there is only one account.
I would also remove the remote root account for security. So you start with only a root user that can only access mysql from the machine itself.
Even then I think the best option is to go into the /etc/my.cf file and set the skip-networking.
Quote:
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
skip-networking
Even then I think the best option is to go into the /etc/my.cf file and set the skip-networking.
That's assuming that the web server is on the same machine as the MySQL? If that's the case, you can't turn off networking.
Reading through the documentation, one of the recommendation is to run MySQL under another account other than root. This account should have no file permission. That way when mysql is compromised, the attacker can't use the file functionality to get to the rest of the machine. I notice that on my system, mysqld is already running as the user mysql. Either MySQL install this by default or mysql_secure_installation command that Jzarecta mentioned install it that way.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.