Two anonymous users

After MariaDB initialized, I noticed that there are two anonymous users in mysql.user table.

MariaDB [mysql]> select user,host from user where user='';
+------+-----------------------+
| user | host                  |
+------+-----------------------+
|      | localhost             |
|      | myhost |
+------+-----------------------+

Tried to DROP the anonymous users from my mysql.users database. However, I have been getting odd behavior.

DROP User ''@'localhost';
Query OK, 0 rows affected.

But when I run SQL

SELECT User, Host, Password FROM mysql.user WHERE User='';

The return is:

MariaDB [mysql]> select user,host from user where user='';
+------+-----------------------+
| user | host                  |
+------+-----------------------+
|      | localhost             |
|      | myhost |
+------+-----------------------+

How to delete MariaDB anonymous users?

Try to delete the user directly from table 'user', it works.

 

MariaDB [mysql]> delete from user where user='';
Query OK, 2 rows affected (0.00 sec)

Why is that?

MySQL has certain users preinstalled into mysql.user. Also, mysql.db comes with two users that have anonymous access and full privileges to test databases.

Here is it

MariaDB [mysql]> select host,db,user from db where user='';
+------+---------+------+
| host | db      | user |
+------+---------+------+
| %    | test    |      |
| %    | test\_% |      |
+------+---------+------+
2 rows in set (0.00 sec)

It means that anyone that connects to test or any database starting with test_ can do everything in the test database.  Do you want things like this?

My advice to you is to run this to clean out test user access:

DELETE FROM mysql.db WHERE db LIKE 'tes%' AND user='';
FLUSH PRIVILEGES;

Ref:

https://mariadb.com/kb/en/mariadb/mysqluser-table/