You can disable the client access control in MySQL by telling the server not to read the grant tables and disable access control. Use the –skip-grant-tables option to do so. The –skip-grant-tables option has the following effects:
- When connected, the user has full privileges to do anything.
- This option disables account management statements such as CREATE USER, GRANT, REVOKE, and SET PASSWORD.
Disabling access control is convenient if you forget the root password and need to reset it because any user can connect with full privileges without providing a password. This is clearly dangerous. To prevent remote clients from connecting over TCP/IP, use the –skip- networking option. Clients then can connect only from the localhost using a socket file on UNIX, or a named pipe or shared memory on Windows. To avoid casual connections from the localhost, use a non-standard socket name at the command prompt.
Account management statements require the in-memory copies of the grant tables, which are not available when you disable access control. To change privileges or set a password, modify the grant tables directly. Alternatively, issue a FLUSH PRIVILEGES statement after connecting to the server, which causes the server to read the tables and also enables the account management statements.
Conclusion
When you disable the client access control in MySQL,
1. Every connection succeeds:
- You can provide any username and any password, and you can connect from any host.
- The option disables the privilege system entirely.
- Connected users effectively have all privileges.
2. Prevent clients from connecting:
- Use the –skip-networking option to prevent network access and allow access only on local socket, named pipe, or shared memory.
- Use the –socket option to start the server on a non- standard socket to prevent casual access by local applications or users.