Mysql – Why does CURRENT_USER() show the root@::1 when I login to MySQL

MySQLpassword

I've set 3 different passwords for the following accounts: 'root'@'localhost', 'root'@'127.0.0.1' and 'root'@'::1'.
By typing: mysql -u root -p I can only login with my 'root'@'::1' account password and CURRENT_USER() returns root::1. Why is that so? How can I login with the password that I set for the 'root'@'localhost' account?

Best Answer

I think the problem stems from how MySQL determines how to authenticate a user.

I mentioned this Jan 18, 2012 in MySQL error: Access denied for user 'a'@'localhost' (using password: YES)

I quote from MySQL 5.0 Certification Study Guide

enter image description here

Pages 486,487 state the following on mysql's authentication algorithm:

When the Host and the User values in more than one user table record match a client, the server must decide which one to use. It does this by sorting records with the most specific Host and User column values first, and choosing the matching record that occurs first in the sorted list, Sorting take place as follows:

In the Host Column, literal values such as localhost, 127.0.0.1, and myhost.example.com sort ahead of values such as %.example.com that have pattern characters in them. Pattern values are sorted according to how specific they are. For example, %.example.com is more specific than %.com, which is more specific than %.

Now look at the strings ::1 and localhost. What is the first letter's ASCII value of each ?

mysql> select ORD('::1'),ORD('locahost');
+------------+-----------------+
| ORD('::1') | ORD('locahost') |
+------------+-----------------+
|         58 |             108 |
+------------+-----------------+
1 row in set (0.00 sec)

mysql>

Since ::1 is alphabetically first, you get authenticated as root@::1

UPDATE 2013-01-02 16:47 EDT

I am sorry, I overlooked the port number.

Here is the problem: you cannot use root@localhost against a non-3306 port unless you use the TCP/IP protocol. Please try this:

$ mysqladmin --no-defaults --port=3308 --user=root --protocol=tcp password 'somenewpassword'

Mysql – Cannot change root access in MySQL to %

SHOW GRANTS only gives you back whatever you are connected as, which was root@localhost.

root@localhost and root@'%' and completely different users. Just do

SHOW GRANTS FOR root@localhost;
SHOW GRANTS FOR root@'%';

root@localhost lets you connect from the DB Server via mysql.sock (the socket file)
root@'%' lets you connect via TCP/IP, but you must explicitly connect with that protocol. Otherwise, mysqld connects you as root@localhost. This is true even if you attempted to connect using 127.0.0.1.

SUGGESTION #1

For the sake of security, you should use netblocks instead of '%'. For example, if you web servers at 10.1.2.20, 10.1.2.30, and 10.1.2.40, you should create

GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.1.2.%'
IDENTIFIED BY PASSWORD '*fdfgdgdggfggfgfg' WITH GRANT OPTION;

instead of having a remote root.

SUGGESTION #2

If you really want the remote root, here is what you do

UPDATE mysql.user SET host='%'
WHERE user='root' AND host='localhost';
FLUSH PRIVILEGES;

That will do what you want, but remote root is not recommended.

SUGGESTION #3

Since root@'%' already exists, then remove the root@localhost.

DELETE FROM mysql.user WHERE user='root' AND host='localhost';
FLUSH PRIVILEGES;

This will leave root@'%' as the only root user, but you must connect explicitly with TCP/IP.

Best Answer

Related Solutions

Thesql_install_db: How to set the root password

UPDATE 2013-01-02 16:47 EDT

Mysql – Cannot change root access in MySQL to %

SUGGESTION #1

SUGGESTION #2

SUGGESTION #3

Related Question