Remove MySQL root after creating another user with all privileges

By Posted on

Question :

In this tutorial: link

After creating a new user with the privileges that I need, they recommend that I rename the root user to further ensure access, and a hacker, in addition to discovering the password, would have to find out the user.

Questions:

Since I created a new user and gave him all the privileges, do I still need root? Can not remove root and use only the new user I created?

If I remove the root user, do I need to remove the 3 that are registered in the User table (user table below)?

Why are 3 registered, not just 1? 

+------------------+-----------+-------------------------------------------+
| user             | host      | password                                  |
+------------------+-----------+-------------------------------------------+
| root             | localhost | *DE06E242B88EFB1FE4B5083587C260BACB2A6158 |
| piucco           | localhost | *D8DECEC305209EEFEC43008E1D420E1AA06B19E0 |
| root             | 127.0.0.1 | *DE06E242B88EFB1FE4B5083587C260BACB2A6158 |
| root             | ::1       | *DE06E242B88EFB1FE4B5083587C260BACB2A6158 |
| debian-sys-maint | localhost | *ECE81E38F064E50419F3074004A8352B6A683390 |
+------------------+-----------+-------------------------------------------+

    

Answer :

I recommend to replicate the users ( Host ) on all machines ( Users ), the default being: 

CREATE USER 'usuario'@'%' IDENTIFIED BY 'mypass';
GRANT USAGE ON *.* TO 'usuario'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'usuario'@'%';

CREATE USER 'usuario'@'localhost' IDENTIFIED BY 'mypass';
GRANT USAGE ON *.* TO 'usuario'@'localhost';
GRANT ALL PRIVILEGES ON *.* TO 'usuario'@'localhost';

CREATE USER 'usuario'@'127.0.0.1' IDENTIFIED BY 'mypass';
GRANT USAGE ON *.* TO 'usuario'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'usuario'@'127.0.0.1';

CREATE USER 'usuario'@'::1' IDENTIFIED BY 'mypass';
GRANT USAGE ON *.* TO 'usuario'@'::1';
GRANT ALL PRIVILEGES ON *.* TO 'usuario'@'::1';

Check with your application if there is another type of mask for hosts .
If you really want to remove the root just run the script below, letting you know that the process can not be reverted via command, I recommend to back up the folder before executing the procedure. 

DELETE FROM mysql.user WHERE  user = 'root';

If users are properly replicated with all privileges ( ALL PRIVILEGES ), the absence of the user named root does not affect anything at all, since it is the type of user that performs the action, not its name.

    

Leave a Reply

Your email address will not be published. Required fields are marked *