Bug #23690 DROP USER instead of DELETE FROM mysql.user
Submitted: 26 Oct 2006 20:36 Modified: 12 Jan 2007 19:52
Reporter: Geert Vanderkelen Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Server: Documentation Severity:S4 (Feature request)
Version:5.1 OS:Any (*)
Assigned to: Paul DuBois CPU Architecture:Any

[26 Oct 2006 20:36] Geert Vanderkelen
Description:

In the MySQL 5.1 manual:
  http://dev.mysql.com/doc/refman/5.1/en/default-privileges.html

In the section talking about removing the anonymous account ' Anonymous Account Removal', DELETE FROM mysql.user is used with FLUSH PRIVILEGES. Though, I think it's more appropriated to use the newer DROP USER here.

How to repeat:
shell> mysql -u root
mysql> DELETE FROM mysql.user WHERE User = '';
mysql> FLUSH PRIVILEGES;

Suggested fix:

Maybe better:

shell> mysql -u root
mysql> DROP USER ''@'localhost';
mysql> DROP USER ''@'hostname';
[26 Oct 2006 20:49] MySQL Verification Team
Thank you for the bug report.
[12 Dec 2007 22:25] Timothy Dillon
This line below:

mysql> DROP USER ''@'hostname';

is perhaps intended to be for a logical replacement of 'hostname' with the real hostname, as a literal string it does not work (in 5.0 anyway). MySql seems to have trouble dereferencing @@hostname variable as well in any attempts I've been able run so far, like:
mysql> select user from user where host=@@hostname and user='';
+------+
| user |
+------+
|      | 
+------+
1 row in set (0.00 sec)

mysql> select @@hostname;
+------------+
| @@hostname |
+------------+
| sc12       | 
+------------+
1 row in set (0.00 sec)

mysql> drop user ''@@@hostname;
mysql> drop user@'@@hostname';
mysql> drop user '''@'@@hostname;
mysql> drop user ''@\@@@hostname;

all fail. And no way to shell out or tic out a replacement variable for that one. Guess that's why they use the delete and flush privs rather than graceful non-dictionary mucking drop user sql statment. As you can see this is easy from the select above.