3

I have hosted one web application on a staging server where I have deleted the "root" users from the database. I don't want to use a common name for the superuser. I have also created another admin user (same as the root user).

After this change I have tested my application and did not find any issue. But I reviewed articles where people mentioned that they were getting errors after deleting the root user.

My queries are:

  1. Is it safe to delete the root database?
  2. Will it create any issue in future if I remove the root user?

I am still testing on the staging server. Once this PoC is done, I am planning to delete the root user from the production server as well.

EDIT

This is a new web application which I am going to host on production server and there is no admin script running.

Kreya

3 Answers

4

For administrative purposes, you need to have a SUPER user WITH GRANT OPTION, but the name ('root') does not matter. But...

  • Are there any scripts that assume it is root?
  • Such a user should be granted access only from localhost, thereby adding the OS security on top of that login.
  • Do not give SUPER or WITH GRANT OPTION to any other user (without understanding the security ramifications).
  • Each application should have its own login into MySQL. That is, use root (or your replacement name) only for admin purposes, not for applications.
  • Each application login should limit what it can touch. Commonly that is one database, hence GRANT ... ON dbname.* ..., not ON *.*. (There are exceptions and variations on this rule.)
Rick James
  • There is no admin script. It's a new web application which I am going to host. Is it safe to delete the admin user? – Kreya Aug 14 '20 at 01:47
  • You need some SUPER user in order to do "admin" stuff. The username does not matter. – Rick James Aug 14 '20 at 03:28
  • Sorry, I mean the root user in the above comment. A few articles or posts say that once you delete the "root" user, your database can crash in the future. – Kreya Aug 14 '20 at 04:13
  • @Kreya - If you find a reference to that, I'll study it for caveats. – Rick James Aug 14 '20 at 04:38
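The points in the answer above, put together as an added example (not code from any answer on this page). It uses MySQL/MariaDB syntax; the account names `dbadmin` and `webapp`, the database name `appdb` and the password placeholders are assumptions. The definer queries go beyond the answer's "scripts that assume it is root" check: views, routines, triggers and events whose DEFINER is a dropped account fail when they are next used.

```sql
-- 1. Replacement administrative account, reachable from localhost only.
--    'dbadmin' is an assumed name; replace the password placeholder.
CREATE USER 'dbadmin'@'localhost' IDENTIFIED BY '<long-random-admin-password>';
GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' WITH GRANT OPTION;

-- 2. Separate application login limited to one database (assumed: appdb).
--    No SUPER, no GRANT OPTION, no ON *.*.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY '<long-random-app-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';

-- 3. Audit: which accounts hold SUPER or GRANT OPTION, and from which hosts?
--    Expect only the replacement admin, and only with host 'localhost'.
SELECT user, host, Super_priv, Grant_priv
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y';

-- 4. Confirm the replacement really has the admin grants before going on.
SHOW GRANTS FOR 'dbadmin'@'localhost';

-- 5. Find stored objects that still name root as DEFINER; recreate them
--    under the new admin account before root is dropped.
SELECT 'view' AS kind, table_schema AS db, table_name AS name, definer
  FROM information_schema.views WHERE definer LIKE 'root@%'
UNION ALL
SELECT 'routine', routine_schema, routine_name, definer
  FROM information_schema.routines WHERE definer LIKE 'root@%'
UNION ALL
SELECT 'trigger', trigger_schema, trigger_name, definer
  FROM information_schema.triggers WHERE definer LIKE 'root@%'
UNION ALL
SELECT 'event', event_schema, event_name, definer
  FROM information_schema.events WHERE definer LIKE 'root@%';

-- 6. List every root account (there may be one per host entry).
SELECT user, host FROM mysql.user WHERE user = 'root';

-- 7. Only after steps 3-5 look right, and while connected as dbadmin
--    (not as root), drop each root entry found in step 6.
DROP USER 'root'@'localhost';
```

Run this on staging first and log in once as `dbadmin` in a fresh session before step 7, so that a working administrative account is proven to exist.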
2

You don't need to name the user with the highest privileges root, you can name it whatever you want, but at least one of these users has to exist in case of disaster.

The main security idea, besides long passwords, is that only localhost can access the MySQL/MariaDB server and connections from the outside are forbidden, so no security bug can be used from the Internet. The rest is done by a REST API.

So as long as the whole server is not compromised, the MySQL server with all the valued data is safe.

nbk
0

... web application ... I have deleted "root" users ... After this change I have tested my application and did not find any issue.

And that is exactly as it should be.

You should never code an Application to connect to the database as the root user (and you haven't). Always keep the biggest and best Tools in the Toolbox for yourself, to give you an edge when you have to clean up the mess made by other people (or processes).

... articles where people mentioned that they were getting errors after deleting the root user.

Either their application was using the root user or they didn't give themselves an "alternative" to the root user, as you have.

Phill W.