MySQL MariaDB

MySQL Lock User Account

2 years ago
by John Otieno

In this article, we will explore how we can lock an account during creation or how to use the alter command to lock an already existing account.

Let’s jump in.

Lock User Account During Creation

There are two main methods of locking an account in MySQL. The first is during account creation as shown in the following command syntax:

CREATE USER username
IDENTIFIED BY ‘password’
ACCOUNT LOCK;

Once an account is locked, MySQL stores the entry in the mysql.user system’s table. The account_locked column stores the locked state with Y representing the locked account and N representing an unlocked account.

Lock an Already Existing Account

The second method to lock an account in MySQL is using the ALTER command. This allows you to lock an already existing account as shown in the following syntax:

ALTER USER username
IDENTIFIED BY ‘password’
ACCOUNT LOCK;

Example 1: Create a Locked Account

The following example shows how to create a locked account using the MySQL create user statement.

mysql> CREATE USER linuxhint@localhost IDENTIFIED BY 'password' ACCOUNT LOCK;

We can then verify the account locked status as shown in the following:

mysql> select user, host, account_locked from mysql.user;

The previous query should return the available users and their locked state as shown in the following output:

+------------------+-----------+----------------+

| user             | host      | account_locked |

+------------------+-----------+----------------+

| linuxhint        | localhost | Y              |

| mysql.infoschema | localhost | Y              |

| mysql.session    | localhost | Y              |

| mysql.sys        | localhost | Y              |

| root             | localhost | N              |

+------------------+-----------+----------------+

5 rows in set (0.00 sec)

We can see from the account_locked column that the “linuxhint” user is locked.

Keep in mind that attempting to login into a locked account results in an error as shown in the following:

$ mysql -u linuxhint -p
Enter password: <>
ERROR 3118 (HY000): Access denied for user 'linuxhint'@'localhost'. Account is locked.

Example 2: Lock an Existing Account

The following example illustrates how to lock an existing account using the ALTER USER command.

Start by creating an account as follows:

mysql> CREATE USER linux@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

Next, lock the account with the following command:

mysql> ALTER USER linux@localhost ACCOUNT LOCK;
Query OK, 0 rows affected (0.01 sec)

The previous command should lock the specified account.

You can also check the number of login attempts of a locked account with the following command:

mysql> show global status like 'locked_connects';

Example output:

+-----------------+-------+
| Variable_name   | Value |
+-----------------+-------+
| Locked_connects | 1     |
+-----------------+-------+
1 row in set (0.02 sec

To unlock an account, run the following command:

ALTER USER username ACCOUNT UNLOCK;

The command changes the locked state of a specified account to unlock.

Conclusion

In this post, we discussed how to lock and unlock the accounts in MySQL during the user creation or in an existing account.

Thanks for reading!

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts