For anonymous users, those with user='', having a recommendation
to set their passwords, and warning that the password is the same
as the username is a little excessive since there's already a
recommendation to drop the user.
So let's remove those recommendation so we don't see:
[!!] User '@localhost' has user name as password.
[!!] User '@localhost.localdomain' has user name as password.
or:
Set up a Secure Password for @localhost user: SET PASSWORD FOR ''@'SpecificDNSorIp' = PASSWORD('secure_password');
Set up a Secure Password for @localhost.localdomain user: SET PASSWORD FOR ''@'SpecificDNSorIp' = PASSWORD('secure_password');
Lets keep the focus on:
-------- Security Recommendations ------------------------------------------------------------------
[!!] User ''@'localhost' is an anonymous account. Remove with DROP USER ''@'localhost';
[!!] User ''@'localhost.localdomain' is an anonymous account. Remove with DROP USER ''@'localhost.localdomain';
Include calculation of Aria index size based of *.MAI files.
Use find -0 | xargs -0 to allow for space containing names.
Quote datadir in find in case it had spaces.
Use xargs -r (GNU extension) (supported Linux, FreeBSD, OpenBSD,
NetBSD, not Solaris, not OSX) to not run if there's no files that match.
This prevents it running the total of the current directory if
there are no M[YA]I files.
A total size of 0 for Aria or MyISAM indexes isn't a problem
because:
* MySQL-5.[567] used MyISAM system tables which have indexes, so 0
wasn't possible (except for remote user without mysql.* access).
* 0 size of index is equally likely to be 0 tables of this type
(e.g. MySQL-8.0, or MariaDB-10.4+ (Aria default, not MyISAM)).
Setting total_aria_indexes=1 when it was previously 0 is misleading.
Aria was never called AriaDB despite the apparent convention in
other storage engines so use just Aria, or Aria Storage Engine
in messages.
Differentiate between Aria not available and disabled in report.
DROP USER has existed for a very long time.
Use the QUOTE sql function to ensure accounts are correctly quoted
and this helps the delete recommendation.
MySQL has auth_socket as its plugin compared to unix_socket on MariaDB
so accept that as a valid reason for having no authentication.
MySQL [(none)]> show create user dan@localhost;
+-----------------------------------------------------------------------------------------------------------------+
| CREATE USER for dan@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| CREATE USER 'dan'@'localhost' IDENTIFIED WITH 'auth_socket' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
MySQL [(none)]> select user,host,plugin from mysql.user;
+---------------+-----------+-----------------------+
| user | host | plugin |
+---------------+-----------+-----------------------+
| root | localhost | mysql_native_password |
| mysql.session | localhost | mysql_native_password |
| mysql.sys | localhost | mysql_native_password |
| dan | localhost | auth_socket |
| expiretest | % | mysql_native_password |
| expiretest | localhost | mysql_native_password |
+---------------+-----------+-----------------------+
6 rows in set (0.001 sec)
MySQL [(none)]> select version();
+-----------+
| version() |
+-----------+
| 5.7.31 |
+-----------+
MariaDB-10.4 migrated their authentication to a global_priv table in JSON
format. Also locked user accounts where added. By default the mariadb.sys
is a locked user without a password and there as the owner of the mysql.user
view. As its hazardous for a user to modify this we exclude locked accounts
but still search for mysql_native_password plugin without authentication.
We use versioned comments to process all other versions. The 5.5+ MySQL
version comment is also read by MariaDB (ref: https://mariadb.com/kb/en/comment-syntax/
enabling the processing of plugins on other version that have plugins.
While this branch doesn't yet apply to MySQL-8.0 yet, we add support
for the locked user accounts in MySQL-8.0+ in a versioned comment
(not read by MariaDB).
Good message is
-------- InnoDB Metrics ----------------------------------------------------------------------------
[--] Skipped due to --skipsize option
