I created a user with user name user_dev. Then created a database sampledb and granted some privileges to this user on this database. Then I decided to edit username and changed it to user_local, and granted same privileges to this new name on same database.
Now both user_dev and user_local are able to login, but user_dev has no access to sampledb and privileges for user_local are correct.
SELECT `user` FROM `mysql`.`user`
does not show user_dev.
My question is, why user_dev is still able to login? Should I take any more steps to prevent this user from loging in?
Best Answer
There are several possibilities:
If you edited the privileges manually, you need to execute:
To reload the privileges cache on memory (needed to speedup the checks on every query).
If you edited the privileges manually, you may have omitted an entry. Do not trust the
SHOW GRANTS FOR
, because it may omit the privileges edited directly on tables. Make sure that there are nouser_dev
not only on the user table, but on all these.The fact that there is no
user_dev
user literally does not mean that auser_dev
user cannot login. I will explain myself. The user that you submit is compared against the user privileges tables, so user_dev (let's say that is on localhost) matches:In fact, by default, anonymous users from localhost can login, and all users can read and write on the test database. Run mysql_secure_installation to avoid that.