只要是从本地登录,不管你指定任何权限表之外的用户,都可以登录,譬如hello用户在权限表中并不存在,却依然可以登录,就是拜user为空,host为localhost所赐。
[root@spark01 ~]# mysql --socket=/sales3307/mysql/run/mysql.sock -uhello Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 9 Server version: 5.6.28-log MySQL Community Server (GPL) Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
所以,作为mysql安全加固的一部分,这些账号都可以删除的。
总结:如果multiadmin要从本地登录,必须授予localhost的登录权限,%并不包含localhost。
grant all privileges on *.* to 'multiadmin'@'localhost' identified by '123456';