Dear DBAs,

Just wonder if you are using 'root' or 'mysql' linux account (or may be both) to manage MySQL.

I have mysql server 5.7 installed on Ubuntu. The mysqld process runs under user 'mysql'. This user is given bash shell, however its password is locked so direct ssh to it is not possible and I have to do 'sudo su - mysql' to login to it. When I need to stop/start mysql server I sudo to root and run 'service mysql stop/start' command. But when I do some other admin tasks like updating config files or checking log files I sudo to mysql. I try to use root only when necessary.

However the "CIS Oracle MySQL Enterprise Edition 5.7 Benchmark" document (a benchmark guide for MySQL 5.7 which public available from Center for Internet Security) recommends that the 'mysql' account be disabled for interactive login. The rational being "Preventing the MySQL user from logging in interactively may reduce the impact of a compromised MySQL account. There is also more accountability as accessing the operating system where the MySQL server lies will require the user's own account. Interactive access by the MySQL user is unnecessary and should be disabled."

For me I think it's better to have mysql available for login since it's safer to use it (rather than root) for admin tasks.

What do you think?