From 0be85cbb9f45d8890a9a055802ea57619cfb41c5 Mon Sep 17 00:00:00 2001
From: Daniel Black <daniel@mariadb.org>
Date: Fri, 5 Feb 2021 09:04:24 +1100
Subject: [PATCH] user host recommend - RENAME USER

Altering mysql.user tables isn't something users should do.

RENAME USER has existed for a long time, use this instead.

Also change SpecificDNSorIp because DNS based grants are
a horrible idea, fragile, and could be disabled with
--skip-name-resolve.

closes #536
---
 mysqltuner.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mysqltuner.pl b/mysqltuner.pl
index 9523590..4e78b00 100755
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@@ -1892,16 +1892,16 @@ q{SELECT CONCAT(user, '@', host) FROM mysql.global_priv WHERE
     }
 
     @mysqlstatlist = select_array
-      "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%'";
+      "SELECT CONCAT(QUOTE(user), '\@', host) FROM mysql.user WHERE HOST='%'";
     if (@mysqlstatlist) {
         foreach my $line ( sort @mysqlstatlist ) {
             chomp($line);
             my $luser = (split /@/, $line)[0];
             badprint "User '" . $line. "' does not specify hostname restrictions.";
             push( @generalrec,
-            "Restrict Host for '$luser'\@% to $luser\@SpecificDNSorIp" );
+            "Restrict Host for $luser\@% to $luser\@LimitedIPRangeOrLocalhost" );
             push( @generalrec,
-            "UPDATE mysql.user SET host ='SpecificDNSorIp' WHERE user='" . $luser. "' AND host ='%'; FLUSH PRIVILEGES;" );
+            "RENAME USER $luser\@'%' TO " . $luser. "\@LimitedIPRangeOrLocalhost;" );
         }
     }