WL#6977: Remove all anonymous accounts from all default deployments
Affects: Server-5.7 — Status: In-Documentation — Priority: Medium
We require that all anonymous accounts are removed from a default installation- and deployment process. This worklog outlines how this can be accomplished for all existing deployment scenarios.
Functional Requirement: F1: Anonymous user accounts must be removed by default whenever mysql_install_db is executed. F2: Provide an option to generate anonymous users. F3: Scope : RPMs According to http://dev.mysql.com/doc/refman/5.6/en/linux-installation-rpm.html ... ... As of MySQL 5.6.8, new RPM install operations (not upgrades) invoke mysql_install_db with the --random-passwords option that provides for more secure MySQL installation. Invoking mysql_install_db with --random-passwords causes it to assign a random password to the MySQL root accounts, set the “password expired” flag for those accounts, and remove the anonymous-user MySQL accounts. It will be necessary after installation to start the server, connect as root using the password written to the $HOME/.mysql_secret file, and assign a new root password. Until this is done, root cannot do anything else. This must be done for each root account you intend to use. ... ...
See HLS for WL#6962
See LLDS for WL#6962
Copyright (c) 2000, 2017, Oracle Corporation and/or its affiliates. All rights reserved.