WL#6977: Remove all anonymous accounts from all default deployments
Affects: Server-5.7
—
Status: In-Documentation
We require that all anonymous accounts are removed from a default installation-
and deployment process. This worklog outlines how this can be accomplished for
all existing deployment scenarios.
Functional Requirement:
F1: Anonymous user accounts must be removed by default whenever mysql_install_db
is executed.
F2: Provide an option to generate anonymous users.
F3: Scope : RPMs
According to http://dev.mysql.com/doc/refman/5.6/en/linux-installation-rpm.html
...
...
As of MySQL 5.6.8, new RPM install operations (not upgrades) invoke
mysql_install_db with the --random-passwords option that provides for more
secure MySQL installation. Invoking mysql_install_db with --random-passwords
causes it to assign a random password to the MySQL root accounts, set the
“password expired” flag for those accounts, and remove the anonymous-user MySQL
accounts. It will be necessary after installation to start the server, connect
as root using the password written to the $HOME/.mysql_secret file, and assign a
new root password. Until this is done, root cannot do anything else. This must
be done for each root account you intend to use.
...
...
Copyright (c) 2000, 2025, Oracle Corporation and/or its affiliates. All rights reserved.