Mariadb – worry that root user can login into MariaDB 10.5 without password

Some best practices:

• Create a DBA user for yourself. This should be the only user with "WITH GRANT OPTION" in their permissions. This should also be the only user with select privileges on *.* because that includes mysql.user.
• Every user should have their own username and password, no shared accounts. They should each have permissions to specific databases; again, not *.*.
• And then delete that shared root user.
• Don't let non-DBAs have root access on your db server.
• Symlink your ~/.mysql_history file to /dev/null and it won't record anything.

There are others; this will get you to a better place.

You can also write a little script that outputs the grants (e.g., using pt-show-grants) and diffs to the previous output, and then emails you when there's a difference.

btw, it's hard to have enough space to store a general log on an active production system. It can get very big very quickly.

The answer to this question should help you out:

$ sudo mysql -u root

[mysql] use mysql;
[mysql] update user set plugin='' where User='root';
[mysql] flush privileges;

In short, the new version of MariaDB checks to see what the system user is and only allows the actual system user root to log in to the DB user root. Disabling all plugins disables that functionality.