MARIADB default users

By Posted on

Question :

I just installed mariadb 10.6 and can’t understand…

SELECT Host,User,Password FROM mysql.user;
  1. mariadb.sys@localhost password is empty.
  2. root@localhost password hashed.
  3. mysql@localhost password has “invalid” value in cell.

SHOW CREATE USER ‘mariadb.sys’@localhostG;

CREATE USER `mariadb.sys`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE

SHOW CREATE USER ‘root’@localhostG;

CREATE USER `root`@`localhost` IDENTIFIED
VIA mysql_native_password USING '***' OR unix_socket

SHOW CREATE USER ‘mysql’@localhostG;

CREATE USER `mysql`@`localhost` IDENTIFIED
VIA mysql_native_password USING 'invalid' OR unix_socket
  1. What for default users are?
    root@localhost = for me, mariadb.sys@localhost = for mariadb.sys system, mysql@localhost = for mysql user and for linux system.
  2. I used mysql_secure_installation command. Do i really need do anything else? Is everything OK with secure?
  3. Can I delete mariadb.sys@localhost or mysql@localhost users?
  4. Why do I need to setup password for mysql@localhost user?
  5. “invalid” in password cell means not password, but mariadb “secure feature”?
  6. ACCOUNT LOCK PASSWORD EXPIRE what is this?
  7. As far as I understand I can’t and I don’t need to setup password for mariadb.sys@localhost?

Thank you!

Versions:

  • Kernel: linux510 (Linux 5.10.56-1)
  • Distro: Manjaro 21.1.0 (Arch Linux)
  • MariaDB Version: MariaDB 10.6.4

Answer :

  • root@localhost – you, but its also helpful if this is there, unmodified (setting a password is ok – as you have done, but keep the OR unix_socket part for package updates
  • mariadb.sys@localhost this is the owner of the mysql.users compatibility view, which is why its account is locked/password expired.
  • mysql@localhost – I suspect this is some packaging decision to create this. It might be tied to logrotate or some monitoring system.
  1. mysql_secure_installation – I can’t tell if this changed anything from the default installation. Nothing else is needed.
  2. No, don’t delete these users. Understand why mysql@localhost exists, however its not usable by anything else, something needs to switch to the mysql unix user to be used.
  3. you don’t need to set a password for mysql@localhost.
  4. invalid is a place holder of a hash that doesn’t have a real password that maps to it. Its there so if a user desires, they can set a password on the account.
  5. ACCOUNT LOCK is a locked account. PASSWORD EXPIRE is an expired password.
  6. Changing mariadb.sys@localhost isn’t needed. It is recommended you don’t change this.

Leave a Reply

Your email address will not be published. Required fields are marked *