Bug #10500 Grants to non existing user is allowed & later same user can't be created.
Submitted: 10 May 2005 11:07 Modified: 12 May 2005 20:53
Reporter: Disha Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:5.0.5 OS: Windows Server 2003
Assigned to: CPU Architecture:Any

[10 May 2005 11:07] Disha 
Description:
Granting privilege to a non existing user is allowed and later creating a user with that name is not allowed.

How to repeat:
1)Grant all on test.* to nonexistent ;
2)Flush privileges ;
3)use mysql ;
4)Select * from db where user = 'nonexistent' ;
5)Create user nonexistent; 

Suggested fix:
Privileges on non existing users should not be allowed. Also the entry into the mysql.db table should not be allowed.
And after this, if we consider early binding in this case then the user with that  name should be allowed to be created.
[10 May 2005 17:35] MySQL Verification Team 
I was unable for to repeat on Linux with 5.0.6:

mysql> Select * from db where user = 'nonexistent'\G
*************************** 1. row ***************************
                 Host: %
                   Db: test
                 User: nonexistent
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: Y
            Drop_priv: Y
           Grant_priv: N
      References_priv: Y
           Index_priv: Y
           Alter_priv: Y
Create_tmp_table_priv: Y
     Lock_tables_priv: Y
     Create_view_priv: Y
       Show_view_priv: Y
  Create_routine_priv: Y
   Alter_routine_priv: Y
         Execute_priv: Y
1 row in set (0.01 sec)

mysql>
[11 May 2005 6:43] Disha 
Hi Miguel,
Please try this out,
Consider the non-existent user as 'u1'. Grant him all privileges on database 'db' without actually creating the user 'u1'. After this step you can check in the mysql.db table for the entry that is made with the user name as 'u1'. Now, if we consider that the entry in the mysql.db table is made to consider early binding, then after this step we should be able to create the user with this name as 'u1'. But this is not allowed
and we have the following error displayed :
ERROR 1396 (HY000): Operation CREATE USER failed for 'u1'@'%'.

How to repeat:
1)grant all on db.* to u1 ;
2)Flush privileges ;
3)use mysql ;
4)Select * from db where user = 'u1' ;
5)Create user u1;
[12 May 2005 20:53] Sergei Golubchik 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.mysql.com/documentation/ and the instructions on
how to report a bug at http://bugs.mysql.com/how-to-report.php

Additional info:

this is not "early binding", you simply create a user with your first GRANT statement.
So CREATE USER for the same username fails.