MYSQL Docker container created user root is root@%, so it can connect from any host
During MYSQL init set up , in init.sql, you might have
CREATE USER 'test'@'%' IDENTIFIED BY 'gitea';
GRANT ALL PRIVILEGES ON `gitea`.* TO 'test'@'%';
thats allowing user test to connect from any host, to enforce restriction for the user from a docker container service from any docker container within a docker subnet, its more safer to do :
CREATE USER 'test'@'169.255.255.%' IDENTIFIED BY 'gitea';
GRANT ALL PRIVILEGES ON `gitea`.* TO 'test'@'169.255.255.%';
Or if your init.sql already ran, you can do :
RENAME USER 'test'@'%' TO 'test'@'169.255.255.%';
You can do this with root user as well,
If root@'localhost' already exists, drop the wide one:
sql
Copy code
DROP USER 'root'@'%';
you can use SQL statement to check:
SELECT user, host, plugin FROM mysql.user WHERE user='root';
No comments:
Post a Comment