Altering mysql.user tables isn't something users should do.
RENAME USER has existed for a long time, use this instead.
Also change SpecificDNSorIp because DNS based grants are
a horrible idea, fragile, and could be disabled with
--skip-name-resolve.
closes#536
enginestats are only populated if tables exist of that type.
Look at default_storage_engine if defined to communicate the default
storage engine.
closes#469
Default to reading last 30000 lines.
If reading from file estimate that average line
length is 80 characters and read based that
far back from the end of file.
This allows a user to specify a logrotated file
or another file that isn't discoverable from
server log_error system variable or other defaults.
close#504
Information schema access isn't particularly well optimized.
As such, at least in older versions, fetching from the information_schema.TABLES
would involve opening every table.
The ANSI SQL standards SCHEMATA provides a quicker way, and we can reuse it.
The mysql client, mysql, in mariadb is starting to be labeled mariadb.
Likewise mysqladmin is getting called mariadb-admin. Lets check
for these names as well.
For anonymous users, those with user='', having a recommendation
to set their passwords, and warning that the password is the same
as the username is a little excessive since there's already a
recommendation to drop the user.
So let's remove those recommendation so we don't see:
[!!] User '@localhost' has user name as password.
[!!] User '@localhost.localdomain' has user name as password.
or:
Set up a Secure Password for @localhost user: SET PASSWORD FOR ''@'SpecificDNSorIp' = PASSWORD('secure_password');
Set up a Secure Password for @localhost.localdomain user: SET PASSWORD FOR ''@'SpecificDNSorIp' = PASSWORD('secure_password');
Lets keep the focus on:
-------- Security Recommendations ------------------------------------------------------------------
[!!] User ''@'localhost' is an anonymous account. Remove with DROP USER ''@'localhost';
[!!] User ''@'localhost.localdomain' is an anonymous account. Remove with DROP USER ''@'localhost.localdomain';
Include calculation of Aria index size based of *.MAI files.
Use find -0 | xargs -0 to allow for space containing names.
Quote datadir in find in case it had spaces.
Use xargs -r (GNU extension) (supported Linux, FreeBSD, OpenBSD,
NetBSD, not Solaris, not OSX) to not run if there's no files that match.
This prevents it running the total of the current directory if
there are no M[YA]I files.
A total size of 0 for Aria or MyISAM indexes isn't a problem
because:
* MySQL-5.[567] used MyISAM system tables which have indexes, so 0
wasn't possible (except for remote user without mysql.* access).
* 0 size of index is equally likely to be 0 tables of this type
(e.g. MySQL-8.0, or MariaDB-10.4+ (Aria default, not MyISAM)).
Setting total_aria_indexes=1 when it was previously 0 is misleading.
Aria was never called AriaDB despite the apparent convention in
other storage engines so use just Aria, or Aria Storage Engine
in messages.
Differentiate between Aria not available and disabled in report.
DROP USER has existed for a very long time.
Use the QUOTE sql function to ensure accounts are correctly quoted
and this helps the delete recommendation.
MySQL has auth_socket as its plugin compared to unix_socket on MariaDB
so accept that as a valid reason for having no authentication.
MySQL [(none)]> show create user dan@localhost;
+-----------------------------------------------------------------------------------------------------------------+
| CREATE USER for dan@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| CREATE USER 'dan'@'localhost' IDENTIFIED WITH 'auth_socket' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
MySQL [(none)]> select user,host,plugin from mysql.user;
+---------------+-----------+-----------------------+
| user | host | plugin |
+---------------+-----------+-----------------------+
| root | localhost | mysql_native_password |
| mysql.session | localhost | mysql_native_password |
| mysql.sys | localhost | mysql_native_password |
| dan | localhost | auth_socket |
| expiretest | % | mysql_native_password |
| expiretest | localhost | mysql_native_password |
+---------------+-----------+-----------------------+
6 rows in set (0.001 sec)
MySQL [(none)]> select version();
+-----------+
| version() |
+-----------+
| 5.7.31 |
+-----------+
MariaDB-10.4 migrated their authentication to a global_priv table in JSON
format. Also locked user accounts where added. By default the mariadb.sys
is a locked user without a password and there as the owner of the mysql.user
view. As its hazardous for a user to modify this we exclude locked accounts
but still search for mysql_native_password plugin without authentication.
We use versioned comments to process all other versions. The 5.5+ MySQL
version comment is also read by MariaDB (ref: https://mariadb.com/kb/en/comment-syntax/
enabling the processing of plugins on other version that have plugins.
While this branch doesn't yet apply to MySQL-8.0 yet, we add support
for the locked user accounts in MySQL-8.0+ in a versioned comment
(not read by MariaDB).
